Revision 1527
Added by Jing Tao over 21 years ago
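--- a/src/edu/ucsb/nceas/metacat/PermissionController.java
+++ b/src/edu/ucsb/nceas/metacat/PermissionController.java
@@ -41,7 +41,10 @@
 // access for this docid
 private Vector subTreeList = new Vector();
 
+private long TOPLEVELSTARTNODEID = 0; //if start node is 0, means it is top
+//level document
 
+
 /**
 * Constructor for PermissionController
 * @param myDocid the docid need to access
@@ -182,7 +185,7 @@
 int permission)
 throws SQLException
 {
-String subTreeId = null;// this is for top level, so subtree id is null
+long startId = TOPLEVELSTARTNODEID;// this is for top level, so startid is 0
 try
 {
 //first, if there is a docid owner in user package, return true
@@ -195,16 +198,16 @@
 
 //If there is no owner in user package, checking the table
 //check perm_order
-if (isAllowFirst(principals, docId, subTreeId))
+if (isAllowFirst(principals, docId, startId))
 {
 
-if (hasExplicitDenyRule(principals, docId, permission, subTreeId))
+if (hasExplicitDenyRule(principals, docId, permission, startId))
 {
 //if it is allowfirst and has deny rule(either explicit )
 //deny access
 return false;
 }//if
-else if ( hasAllowRule(principals, docId, permission, subTreeId))
+else if ( hasAllowRule(principals, docId, permission, startId))
 {
 //if it is allowfirst and hasn't deny rule and has allow rule
 //allow access
@@ -218,7 +221,7 @@
 }//if isAllowFirst
 else //denyFirst
 {
-if (hasAllowRule(principals, docId, permission, subTreeId))
+if (hasAllowRule(principals, docId, permission, startId))
 {
 //if it is denyFirst and has allow rule, allow access
 return true;
@@ -305,26 +308,25 @@
 for (int i = 0; i< subTreeList.size(); i++)
 {
 SubTree tree = (SubTree)subTreeList.elementAt(i);
-String subTreeId = (String)(tree.getSubTreeId());
+long startId = tree.getStartNodeId();
 
-if (subTreeId != null)
-{
+
 try
 {
-if (isAllowFirst(principals, docId, subTreeId))
+if (isAllowFirst(principals, docId, startId))
 {
 
-if (hasExplicitDenyRule(principals, docId, permission, subTreeId))
+if (hasExplicitDenyRule(principals, docId, permission, startId ))
 {
 
 //if it is allowfirst and has deny rule
 // put the subtree into unaccessable vector
-if (!resultUnaccessableSubTree.containsKey(subTreeId))
+if (!resultUnaccessableSubTree.containsKey(new Long(startId)))
 {
-resultUnaccessableSubTree.put(subTreeId, tree);
+resultUnaccessableSubTree.put(new Long(startId), tree);
 }
 }//if
-else if ( hasAllowRule(principals, docId, permission, subTreeId))
+else if ( hasAllowRule(principals, docId, permission, startId))
 {
 //if it is allowfirst and hasn't deny rule and has allow rule
 //allow access do nothing
@@ -333,16 +335,16 @@
 else
 {
 //other situation deny access
-if (!resultUnaccessableSubTree.containsKey(subTreeId))
+if (!resultUnaccessableSubTree.containsKey(new Long(startId)))
 {
-resultUnaccessableSubTree.put(subTreeId, tree);
+resultUnaccessableSubTree.put(new Long(startId), tree);
 }
 
 }//else
 }//if isAllowFirst
 else //denyFirst
 {
-if (hasAllowRule(principals, docId, permission,subTreeId))
+if (hasAllowRule(principals, docId, permission,startId))
 {
 //if it is denyFirst and has allow rule, allow access, do nothing
 
@@ -351,9 +353,9 @@
 {
 //if it is denyfirst but no allow rule, deny access
 // add into vector
-if (!resultUnaccessableSubTree.containsKey(subTreeId))
+if (!resultUnaccessableSubTree.containsKey(new Long(startId)))
 {
-resultUnaccessableSubTree.put(subTreeId, tree);
+resultUnaccessableSubTree.put(new Long(startId), tree);
 }
 }
 }//else denyfirst
@@ -364,7 +366,7 @@
 "UnaccessableSubTree "+e.getMessage(), 30);
 throw new McdbException(e);
 }
-}//if
+
 }//for
 // merge the subtree if a subtree is another subtree'subtree
 resultUnaccessableSubTree = mergeEquivalentSubtree(resultUnaccessableSubTree);
@@ -421,7 +423,7 @@
 // if not need to delete, put the subtree into hash
 if (!needDelete)
 {
-newSubTreeHash.put(treeId, tree);
+newSubTreeHash.put(new Long(startId), tree);
 }
 //reset needDelete
 needDelete = false;
@@ -553,7 +555,7 @@
 * @param docid, document identifier to check for
 */
 private boolean isAllowFirst(String [] principals, String docId,
-String subTreeId)
+long startId)
 throws SQLException, Exception
 {
 int lengthOfArray=principals.length;
@@ -563,18 +565,18 @@
 int serialNumber = -1;
 String sql = null;
 boolean topLever =false;
-if (subTreeId == null)
+if (startId == TOPLEVELSTARTNODEID)
 {
 //top level
 topLever = true;
 sql = "SELECT perm_order FROM xml_access " +
-"WHERE principal_name= ? AND docid = ? AND subtreeid is NULL";
+"WHERE principal_name= ? AND docid = ? AND startnodeid is NULL";
 }
 else
 {
 //sub tree level
 sql = "SELECT perm_order FROM xml_access " +
-"WHERE principal_name= ? AND docid = ? AND subtreeid = ?";
+"WHERE principal_name= ? AND docid = ? AND startnodeid = ?";
 }
 
 try
@@ -596,7 +598,7 @@
 // if subtree, we need set subtree id
 if (!topLever)
 {
-pStmt.setString(3, subTreeId);
+pStmt.setLong(3, startId);
 }
 
 pStmt.execute();
@@ -654,7 +656,7 @@
 * @param permission, the permssion need to check
 */
 private boolean hasAllowRule(String [] principals, String docId,
-int permission, String subTreeId)
+int permission, long startId)
 throws SQLException, Exception
 {
 int lengthOfArray=principals.length;
@@ -668,18 +670,18 @@
 int serialNumber = -1;
 boolean topLever = false;
 String sql = null;
-if (subTreeId == null)
+if (startId == TOPLEVELSTARTNODEID)
 {
 // for toplevel
 topLever = true;
 sql = "SELECT permission FROM xml_access WHERE docid = ? " +
-"AND principal_name = ? AND perm_type = ? AND subtreeid is NULL";
+"AND principal_name = ? AND perm_type = ? AND startnodeid is NULL";
 }
 else
 {
 topLever =false;
 sql = "SELECT permission FROM xml_access WHERE docid = ? " +
-"AND principal_name = ? AND perm_type = ? AND subtreeid= ?";
+"AND principal_name = ? AND perm_type = ? AND startnodeid = ?";
 }
 try
 {
@@ -698,7 +700,7 @@
 // if subtree lever, need to set subTreeId
 if (!topLever)
 {
-pStmt.setString(4, subTreeId);
+pStmt.setLong(4, startId);
 }
 
 //bind every elenment in user name array
@@ -753,7 +755,7 @@
 * @param permission, the permssion need to check
 */
 private boolean hasExplicitDenyRule(String [] principals, String docId,
-int permission, String subTreeId)
+int permission, long startId)
 throws SQLException
 {
 int lengthOfArray=principals.length;
@@ -767,17 +769,17 @@
 boolean topLevel = false;
 
 // decide top level or subtree level
-if (subTreeId == null)
+if (startId == TOPLEVELSTARTNODEID)
 {
 topLevel = true;
 sql = "SELECT permission FROM xml_access WHERE docid = ? " +
-"AND principal_name = ? AND perm_type = ? AND subtreeid is NULL";
+"AND principal_name = ? AND perm_type = ? AND startnodeid is NULL";
 }
 else
 {
 topLevel = false;
 sql = "SELECT permission FROM xml_access WHERE docid = ? " +
-"AND principal_name = ? AND perm_type = ? AND subtreeid = ?";
+"AND principal_name = ? AND perm_type = ? AND startnodeid = ?";
 }
 
 try
@@ -794,7 +796,7 @@
 // subtree level need to set up subtreeid
 if (!topLevel)
 {
-pStmt.setString(4, subTreeId);
+pStmt.setLong(4, startId);
 }
 
 //bind every elenment in user name array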
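Review bot: In the subtree loop (new lines 311–313) the `if (subTreeId != null)` guard is dropped without a replacement, so a `SubTree` whose `getStartNodeId()` returns 0 reaches `isAllowFirst`, `hasAllowRule` and `hasExplicitDenyRule` with `startId == TOPLEVELSTARTNODEID` and is evaluated against the document-level rows (`startnodeid is NULL`) rather than its own. Whether 0 can occur for a subtree is not visible here, but if it can (for example as the default of an unset `long`), that subtree's access decision silently becomes the document's; I would fail closed at the top of the loop body with `if (startId == TOPLEVELSTARTNODEID) { resultUnaccessableSubTree.put(new Long(startId), tree); continue; }`. The sentinel should be declared `private static final long TOPLEVELSTARTNODEID = 0;` so it cannot be reassigned per instance. The table's key type also changes from `String` to `Long`, so any lookup outside these hunks that still passes a subtreeid string would never match and would treat a denied subtree as accessible; the callers of the returned table are worth checking. All of the touched method bodies start or end outside the hunks shown.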
Change the key of unaccessablesubtree from subtreeid to startnodeid, because some subtrees don't have a subtreeid.