Revision 1541
Added by Jing Tao over 21 years ago
| src/edu/ucsb/nceas/metacat/PermissionController.java | ||
|---|---|---|
| 158 | 158 |
|
| 159 | 159 |
//if the requested document is access documents and requested permission |
| 160 | 160 |
//is "write", the user should have "all" right |
| 161 |
|
|
| 161 | 162 |
if (isAccessDocument(docId) && (permission == AccessControlInterface.WRITE)) |
| 162 | 163 |
{
|
| 164 |
|
|
| 163 | 165 |
hasPermission = hasPermission(userPackage,docId, 7);// 7 is all permission |
| 164 | 166 |
}//if |
| 165 | 167 |
else //in other situation, just check the request permission |
| 166 | 168 |
{
|
| 167 | 169 |
|
| 170 |
|
|
| 168 | 171 |
// Check for @permission on @docid for @user and/or @groups |
| 169 | 172 |
hasPermission = hasPermission(userPackage,docId, permission); |
| 170 | 173 |
|
| ... | ... | |
| 205 | 208 |
{
|
| 206 | 209 |
//if it is allowfirst and has deny rule(either explicit ) |
| 207 | 210 |
//deny access |
| 211 |
|
|
| 208 | 212 |
return false; |
| 209 | 213 |
}//if |
| 210 | 214 |
else if ( hasAllowRule(principals, docId, permission, startId)) |
| 211 | 215 |
{
|
| 212 | 216 |
//if it is allowfirst and hasn't deny rule and has allow rule |
| 213 | 217 |
//allow access |
| 218 |
|
|
| 214 | 219 |
return true; |
| 215 | 220 |
}//else if |
| 216 | 221 |
else |
| 217 | 222 |
{
|
| 218 | 223 |
//other situation deny access |
| 224 |
|
|
| 219 | 225 |
return false; |
| 220 | 226 |
}//else |
| 221 | 227 |
}//if isAllowFirst |
| ... | ... | |
| 449 | 455 |
//check out DBConnection |
| 450 | 456 |
conn=DBConnectionPool.getDBConnection("PermissionControl.isAccessDoc");
|
| 451 | 457 |
serialNumber=conn.getCheckOutSerialNumber(); |
| 452 |
pStmt = conn.prepareStatement("select 'x' from xml_access where " +
|
|
| 453 |
"accessfileid like '" + docId + "'");
|
|
| 458 |
pStmt = conn.prepareStatement("select doctype from xml_documents where " +
|
|
| 459 |
"docid like '" + docId + "'");
|
|
| 454 | 460 |
pStmt.execute(); |
| 455 | 461 |
ResultSet rs = pStmt.getResultSet(); |
| 456 | 462 |
boolean hasRow = rs.next(); |
| 463 |
String doctype = null; |
|
| 464 |
if (hasRow) |
|
| 465 |
{
|
|
| 466 |
doctype = rs.getString(1); |
|
| 467 |
|
|
| 468 |
} |
|
| 457 | 469 |
pStmt.close(); |
| 458 |
if(hasRow) |
|
| 470 |
|
|
| 471 |
// if it is an access document |
|
| 472 |
if (doctype != null && ((MetaCatUtil.getOptionList(MetaCatUtil. |
|
| 473 |
getOption("accessdoctype")).contains(doctype))))
|
|
| 459 | 474 |
{
|
| 475 |
|
|
| 460 | 476 |
return true; |
| 461 | 477 |
} |
| 478 |
|
|
| 462 | 479 |
} |
| 463 | 480 |
catch(SQLException e) |
| 464 | 481 |
{
|
| ... | ... | |
| 478 | 495 |
DBConnectionPool.returnDBConnection(conn, serialNumber); |
| 479 | 496 |
} |
| 480 | 497 |
} |
| 498 |
|
|
| 481 | 499 |
return false; |
| 482 | 500 |
}//isAccessDocument |
| 483 | 501 |
|
| ... | ... | |
| 712 | 730 |
while (rs.next())//check every entry for one user |
| 713 | 731 |
{
|
| 714 | 732 |
permissionValueInTable=rs.getInt(1); |
| 715 |
|
|
| 733 |
|
|
| 716 | 734 |
//permission is ok |
| 717 | 735 |
//the user have a permission to access the file |
| 718 | 736 |
if (( permissionValueInTable & permissionValue )== permissionValue ) |
| 719 | 737 |
{
|
| 738 |
|
|
| 720 | 739 |
allow=true;//has allow rule entry |
| 721 | 740 |
}//if |
| 722 | 741 |
}//while |
Also available in: Unified diff
Fixed bug to decide if a document is a accesss document.