Revision 1540
Added by Jing Tao over 21 years ago
| src/edu/ucsb/nceas/metacat/EmlSAXHandler.java | ||
|---|---|---|
| 80 | 80 |
private boolean startCriticalSubTree = false; |
| 81 | 81 |
private boolean firstElementForCriticalSubTree = false; |
| 82 | 82 |
private String firstElementNameForCriticalSubTree; |
| 83 |
private boolean needCheckingAccessModule = false; |
|
| 84 |
private Vector unChangableAccessSubTreeVector; |
|
| 85 |
private AccessSection topAccessSection; |
|
| 83 | 86 |
|
| 84 | 87 |
|
| 85 | 88 |
// Constant |
| ... | ... | |
| 92 | 95 |
public static final String INLINE = "inline"; |
| 93 | 96 |
private static final String PERMISSIONERROR ="User try to update a subtree"+ |
| 94 | 97 |
" which it doesn't have write permission!"; |
| 98 |
private static final String TOPLEVEL = "top"; |
|
| 99 |
private static final String SUBTREELEVEL ="subtree"; |
|
| 95 | 100 |
|
| 96 | 101 |
/** Construct an instance of the handler class |
| 97 | 102 |
* In this constructor, user can specify the version need to upadate |
| ... | ... | |
| 117 | 122 |
{
|
| 118 | 123 |
PermissionController control = new PermissionController(docid); |
| 119 | 124 |
//unChangableSubTreeHash = getUnchangableSubTree(control, user, groups); |
| 125 |
|
|
| 126 |
|
|
| 127 |
//If the action is update and user doesn't have "ALL" permission |
|
| 128 |
// we need to check if user update access subtree |
|
| 129 |
if (action.equals("UPDATE") &&
|
|
| 130 |
control.hasPermission(user, groups, AccessControlInterface.ALLSTRING)) |
|
| 131 |
{
|
|
| 132 |
needCheckingAccessModule = true; |
|
| 133 |
unChangableAccessSubTreeVector = getAccessSubTreeListFromDB(); |
|
| 134 |
} |
|
| 120 | 135 |
} |
| 121 | 136 |
catch (Exception e) |
| 122 | 137 |
{
|
| ... | ... | |
| 162 | 177 |
return result; |
| 163 | 178 |
} |
| 164 | 179 |
|
| 180 |
|
|
| 181 |
/* |
|
| 182 |
* Get the subtree node info from xml_accesssubtree table |
|
| 183 |
*/ |
|
| 184 |
private Vector getAccessSubTreeListFromDB() throws Exception |
|
| 185 |
{
|
|
| 186 |
Vector result = new Vector(); |
|
| 187 |
PreparedStatement pstmt = null; |
|
| 188 |
ResultSet rs = null; |
|
| 189 |
String sql = "SELECT controllevel, subtreeid, startnodeid, endnodeid) " + |
|
| 190 |
"FROM xml_accesssubtree WHERE docid like ? " + |
|
| 191 |
"ORDER BY startnodeid ASC"; |
|
| 192 |
|
|
| 193 |
try |
|
| 194 |
{
|
|
| 195 |
|
|
| 196 |
pstmt = connection.prepareStatement(sql); |
|
| 197 |
// Increase DBConnection usage count |
|
| 198 |
connection.increaseUsageCount(1); |
|
| 199 |
// Bind the values to the query |
|
| 200 |
pstmt.setString(1, docid); |
|
| 201 |
pstmt.execute(); |
|
| 202 |
|
|
| 203 |
// Get result set |
|
| 204 |
rs = pstmt.getResultSet(); |
|
| 205 |
while (rs.next()) |
|
| 206 |
{
|
|
| 207 |
String level = rs.getString(1); |
|
| 208 |
String sectionId = rs.getString(2); |
|
| 209 |
long startNodeId = rs.getLong(3); |
|
| 210 |
long endNodeId = rs.getLong(4); |
|
| 211 |
// create a new access section |
|
| 212 |
AccessSection accessObj = new AccessSection(); |
|
| 213 |
accessObj.setControlLevel(level); |
|
| 214 |
accessObj.setDocId(docid); |
|
| 215 |
accessObj.setSubTreeId(sectionId); |
|
| 216 |
accessObj.setStartNodeId(startNodeId); |
|
| 217 |
accessObj.setEndNodeId(endNodeId); |
|
| 218 |
Stack nodeStack = accessObj.getSubTreeNodeList(); |
|
| 219 |
accessObj.setSubTreeNodeStack(nodeStack); |
|
| 220 |
// add this access obj into vector |
|
| 221 |
result.add(accessObj); |
|
| 222 |
// Get the top level access subtree control |
|
| 223 |
if ( level != null && level.equals(TOPLEVEL)) |
|
| 224 |
{
|
|
| 225 |
topAccessSection = accessObj; |
|
| 226 |
} |
|
| 227 |
} |
|
| 228 |
pstmt.close(); |
|
| 229 |
}//try |
|
| 230 |
catch (SQLException e) |
|
| 231 |
{
|
|
| 232 |
throw new |
|
| 233 |
SAXException("EMLSAXHandler.getAccessSubTreeListFromDB(): " +
|
|
| 234 |
e.getMessage()); |
|
| 235 |
}//catch |
|
| 236 |
finally |
|
| 237 |
{
|
|
| 238 |
try |
|
| 239 |
{
|
|
| 240 |
pstmt.close(); |
|
| 241 |
} |
|
| 242 |
catch(SQLException ee) |
|
| 243 |
{
|
|
| 244 |
throw new |
|
| 245 |
SAXException("EMLSAXHandler.getAccessSubTreeListFromDB(): " +
|
|
| 246 |
ee.getMessage()); |
|
| 247 |
} |
|
| 248 |
}//finally |
|
| 249 |
return result; |
|
| 250 |
} |
|
| 165 | 251 |
/** SAX Handler that is called at the start of each XML element */ |
| 166 | 252 |
public void startElement(String uri, String localName, |
| 167 | 253 |
String qName, Attributes atts) |
| ... | ... | |
| 431 | 517 |
accessObject.setPermissionOrder(permOrder); |
| 432 | 518 |
// set access id |
| 433 | 519 |
String accessId = currentNode.getAttribute(ID); |
| 434 |
accessObject.setAccessSectionId(accessId);
|
|
| 435 |
accessObject.setAccessSectionStartNodeId(startNodeId);
|
|
| 520 |
accessObject.setSubTreeId(accessId);
|
|
| 521 |
accessObject.setStartNodeId(startNodeId); |
|
| 436 | 522 |
|
| 437 | 523 |
} |
| 438 | 524 |
// Set up a access rule for allow |
| ... | ... | |
| 805 | 891 |
else if (currentTag.equals(ACCESS)) |
| 806 | 892 |
{
|
| 807 | 893 |
// finish parse a access setction and assign it to new one |
| 808 |
accessObject.setAccessSectionEndNodeId(endNodeId);
|
|
| 894 |
accessObject.setEndNodeId(endNodeId); |
|
| 809 | 895 |
AccessSection newAccessObject = accessObject; |
| 810 | 896 |
if (newAccessObject != null) |
| 811 | 897 |
{
|
| ... | ... | |
| 1037 | 1123 |
if ( accessSection != null ) |
| 1038 | 1124 |
{
|
| 1039 | 1125 |
AccessSection accessSectionObj = (AccessSection)accessSection; |
| 1126 |
// write the top level access module into xml_accesssubtree to store info |
|
| 1127 |
// and then when update to check if the user can update it or not |
|
| 1128 |
deleteAccessSubTreeRecord(docid); |
|
| 1129 |
writeAccessSubTreeIntoDB(accessSectionObj,TOPLEVEL); |
|
| 1130 |
|
|
| 1040 | 1131 |
// if accessSection is not null and is not reference |
| 1041 | 1132 |
if ( accessSectionObj.getReferences() == null) |
| 1042 | 1133 |
{
|
| ... | ... | |
| 1054 | 1145 |
for (int i=0; i<accessObjectList.size(); i++) |
| 1055 | 1146 |
{
|
| 1056 | 1147 |
AccessSection accessObj = (AccessSection)accessObjectList.elementAt(i); |
| 1057 |
String accessObjId = accessObj.getAccessSectionId();
|
|
| 1148 |
String accessObjId = accessObj.getSubTreeId();
|
|
| 1058 | 1149 |
if (referenceId != null && accessObj != null && |
| 1059 | 1150 |
referenceId.equals(accessObjId)) |
| 1060 | 1151 |
{
|
| 1061 | 1152 |
writeGivenAccessRuleIntoDB(accessObj, top, subSectionId); |
| 1153 |
// write the reference access into xml_accesssubtree too |
|
| 1154 |
writeAccessSubTreeIntoDB(accessObj, SUBTREELEVEL); |
|
| 1062 | 1155 |
findAccessObject = true; |
| 1063 | 1156 |
} |
| 1064 | 1157 |
}//for |
| ... | ... | |
| 1139 | 1232 |
{
|
| 1140 | 1233 |
AccessSection accessObj = |
| 1141 | 1234 |
(AccessSection)accessObjectList.elementAt(i); |
| 1142 |
String accessObjId = accessObj.getAccessSectionId();
|
|
| 1235 |
String accessObjId = accessObj.getSubTreeId();
|
|
| 1143 | 1236 |
MetaCatUtil.debugMessage("access obj id in the list(go through): "
|
| 1144 | 1237 |
+ accessObjId, 35); |
| 1145 | 1238 |
if (referenceId != null && accessObj != null && |
| ... | ... | |
| 1321 | 1414 |
} |
| 1322 | 1415 |
}//deletePermissionsInAccessTable |
| 1323 | 1416 |
|
| 1417 |
|
|
| 1418 |
/* In order to make sure only usr has "all" permission can update access |
|
| 1419 |
* subtree in eml document we need to keep access subtree info in |
|
| 1420 |
* xml_accesssubtree table, such as docid, version, startnodeid, endnodeid |
|
| 1421 |
*/ |
|
| 1422 |
private void writeAccessSubTreeIntoDB(AccessSection accessSection, |
|
| 1423 |
String level) |
|
| 1424 |
throws SAXException |
|
| 1425 |
{
|
|
| 1426 |
if (accessSection == null) |
|
| 1427 |
{
|
|
| 1428 |
throw new SAXException("The access object is null");
|
|
| 1429 |
} |
|
| 1430 |
|
|
| 1431 |
String sql = null; |
|
| 1432 |
PreparedStatement pstmt = null; |
|
| 1433 |
sql = "INSERT INTO xml_accesssubtree (docid, rev, controllevel, "+ |
|
| 1434 |
"subtreeid, startnodeid, endnodeid) VALUES " + |
|
| 1435 |
" (?, ?, ?, ?, ?, ?)"; |
|
| 1436 |
try |
|
| 1437 |
{
|
|
| 1438 |
|
|
| 1439 |
pstmt = connection.prepareStatement(sql); |
|
| 1440 |
// Increase DBConnection usage count |
|
| 1441 |
connection.increaseUsageCount(1); |
|
| 1442 |
long startNodeId = accessSection.getStartNodeId(); |
|
| 1443 |
long endNodeId = accessSection.getEndNodeId(); |
|
| 1444 |
String sectionId = accessSection.getSubTreeId(); |
|
| 1445 |
// Bind the values to the query |
|
| 1446 |
pstmt.setString(1, docid); |
|
| 1447 |
MetaCatUtil.debugMessage("Docid in access-subtreetable: "+ docid, 35);
|
|
| 1448 |
pstmt.setString(2, revision ); |
|
| 1449 |
MetaCatUtil.debugMessage("rev in accesssubtreetable: "+ revision, 35);
|
|
| 1450 |
pstmt.setString(3, level); |
|
| 1451 |
MetaCatUtil.debugMessage("contorl level in access-subtree table: "+
|
|
| 1452 |
level, 35); |
|
| 1453 |
pstmt.setString(4, sectionId); |
|
| 1454 |
MetaCatUtil.debugMessage("Subtree id in access-subtree table: "+
|
|
| 1455 |
sectionId, 35); |
|
| 1456 |
pstmt.setLong(5, startNodeId); |
|
| 1457 |
MetaCatUtil.debugMessage("Start node id is: " + startNodeId, 35);
|
|
| 1458 |
pstmt.setLong(6, endNodeId); |
|
| 1459 |
MetaCatUtil.debugMessage("End node id is: " + endNodeId, 35);
|
|
| 1460 |
pstmt.execute(); |
|
| 1461 |
pstmt.close(); |
|
| 1462 |
}//try |
|
| 1463 |
catch (SQLException e) |
|
| 1464 |
{
|
|
| 1465 |
throw new |
|
| 1466 |
SAXException("EMLSAXHandler.writeAccessSubTreeIntoDB(): " +
|
|
| 1467 |
e.getMessage()); |
|
| 1468 |
}//catch |
|
| 1469 |
finally |
|
| 1470 |
{
|
|
| 1471 |
try |
|
| 1472 |
{
|
|
| 1473 |
pstmt.close(); |
|
| 1474 |
} |
|
| 1475 |
catch(SQLException ee) |
|
| 1476 |
{
|
|
| 1477 |
throw new |
|
| 1478 |
SAXException("EMLSAXHandler.writeAccessSubTreeIntoDB(): " +
|
|
| 1479 |
ee.getMessage()); |
|
| 1480 |
} |
|
| 1481 |
}//finally |
|
| 1482 |
|
|
| 1483 |
}//writeAccessSubtreeIntoDB |
|
| 1484 |
|
|
| 1485 |
/* Delete every access subtree record from xml_accesssubtree.*/ |
|
| 1486 |
private void deleteAccessSubTreeRecord(String docId) throws SAXException |
|
| 1487 |
{
|
|
| 1488 |
Statement stmt = null; |
|
| 1489 |
try |
|
| 1490 |
{
|
|
| 1491 |
// delete all acl records for resources related to @aclid if any |
|
| 1492 |
stmt = connection.createStatement(); |
|
| 1493 |
// Increase DBConnection usage count |
|
| 1494 |
connection.increaseUsageCount(1); |
|
| 1495 |
stmt.execute("DELETE FROM xml_accesssubtree WHERE docid = '" + docId + "'");
|
|
| 1496 |
|
|
| 1497 |
} |
|
| 1498 |
catch (SQLException e) |
|
| 1499 |
{
|
|
| 1500 |
throw new SAXException(e.getMessage()); |
|
| 1501 |
} |
|
| 1502 |
finally |
|
| 1503 |
{
|
|
| 1504 |
try |
|
| 1505 |
{
|
|
| 1506 |
stmt.close(); |
|
| 1507 |
} |
|
| 1508 |
catch (SQLException ee) |
|
| 1509 |
{
|
|
| 1510 |
throw new SAXException(ee.getMessage()); |
|
| 1511 |
} |
|
| 1512 |
} |
|
| 1513 |
}//deleteAccessSubTreeRecord |
|
| 1514 |
|
|
| 1324 | 1515 |
// write inline data into file system and return file name(without path) |
| 1325 | 1516 |
private StringBuffer writeInlineDataIntoFile(StringBuffer data) |
| 1326 | 1517 |
throws SAXException |
Also available in: Unified diff
Add code to handle update access subtree.