Metacat

import java.sql.SQLException;

import java.sql.ResultSet;

/**

 * A Class that represents an XML Subtree

  protected long   startNodeId = -1;

  protected long   endNodeId =   -1;

  private Stack  subTreeNodeStack = null;

    /**

     * Defualt constructor

     */

    public SubTree()

    {

    }

    /**

     * Constructor of subtree

     */

                  long myStartNodeId, long myEndNodeId)

    {

      this.docId = myDocId;

      MetaCatUtil.debugMessage("Docid of Subtree: " + docId, 30);

      MetaCatUtil.debugMessage("start node id of Subtree: " + startNodeId, 30);

      this.endNodeId = myEndNodeId;

      MetaCatUtil.debugMessage("end node id of subtree: " + endNodeId, 30);

    }

    /**

     * Get subtree node stack

     */

    {

      return this.subTreeNodeStack;

    }

    /**

     * Set subtree node stack

     */

    {

      this.subTreeNodeStack = myStack;

    }

    /** Set the a docId */

    public void setDocId(String myId)

    {

    }

    /** Get the docId */

    {

      return this.docId;

    }

    /** Set the a subtreeId */

    public void setSubTreeId(String myId)

    {

    }

    /** Get the subTreeId */

    {

      return this.subTreeId;

    }

     * Set a startElementName

     */

    {

      MetaCatUtil.debugMessage("set start elementname: "+elementName, 35);

      this.startElementName = elementName;

    }

    /**

     * Get startElementName

     */

    {

      return this.startElementName;

    }

    /** Set a start node id */

    public void setStartNodeId(long nodeId)

    {

      MetaCatUtil.debugMessage("set start node id: "+nodeId, 35);

      this.startNodeId = nodeId;

    }

    /** Get start node id */

    public long getStartNodeId()

    {

      return this.startNodeId;

    }

    /** Set a end node id */

    public void setEndNodeId(long nodeId)

    {

      MetaCatUtil.debugMessage("set end node id: "+nodeId, 35);

      this.endNodeId = nodeId;

    }

    /** Get end node id */

    public long getEndNodeId()

    {

      return this.endNodeId;

    }

    /* Put a subtree node into a stack, on top is the start point of subtree*/

    {

       Stack nodeRecordList = new Stack();

       // make sure it works

       PreparedStatement pstmt = null;

       DBConnection dbconn = null;

       int serialNumber = -1;

       long nodeid = 0;

       long parentnodeid = 0;

       long nodeindex = 0;

       String nodeprefix = null;

       String nodedata = null;

       String sql = "SELECT nodeid, parentnodeid, nodeindex, " +

                    "FROM xml_nodes WHERE docid = ? AND nodeid >= ? AND " +

                    "nodeid <= ? ORDER BY nodeid DESC";

       {

         dbconn=DBConnectionPool.

                    getDBConnection("SubTree.getSubTreeNodeList");

         pstmt.execute();

         ResultSet rs = pstmt.getResultSet();

         boolean tableHasRows = rs.next();

         {

           nodeid = rs.getLong(1);

           parentnodeid = rs.getLong(2);

         pstmt.close();

      } //try

      {

        throw new McdbException("Error in SubTree.getSubTreeNodeList 1 " +

                              e.getMessage());

          DBConnectionPool.returnDBConnection(dbconn, serialNumber);

        }

      }//finally

      return nodeRecordList;

    }//getSubtreeNodeList

   /** methods from Comparator interface */

   public int compare(Object o1, Object o2)

   {

     {

       return 0;

     }

   }//cpmpare

   /** method from Comparator interface */

   public boolean equals(Object obj)

   {

       return false;

     }

   }

}

            PermissionController controller = new PermissionController(docId);

            // check top level read permission

            if (!controller.hasPermission(user, groups,

                throw new Exception("User " + user

                        + " doesn't have permission " + " to read document "

                        + docId);

            }

            // Get output stream

            out = response.getOutputStream();

            // read the inline data from the file

                qformat = ((String[]) params.get("qformat"))[0];

            }

            // the param for only metadata (eml)

                String inlineData = ((String[]) params.get("inlinedata"))[0];

                if (inlineData.equalsIgnoreCase("false")) {

                    withInlineData = false;

                }

            if ((docs.length > 1) || qformat.equals("zip")) {

                zip = true;

                out = response.getOutputStream();

/**

 *  '$RCSfile$'

 *    Purpose: A class that handles checking permssision for a document

 *  Copyright: 2000 Regents of the University of California and the

 *             National Center for Ecological Analysis and Synthesis

 *    Authors: Chad Berkley

 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA

 */

package edu.ucsb.nceas.metacat;

import java.sql.*;

import java.util.Enumeration;

import java.util.Hashtable;

import java.util.Stack;

import java.util.Vector;

public class PermissionController

{

   private boolean hasSubTreeAccessControl = false; // flag if has a subtree

                                                    // access for this docid

   private Vector subTreeList = new Vector();

   private long TOPLEVELSTARTNODEID = 0; //if start node is 0, means it is top

                                         //level document

   /**

    * Constructor for PermissionController

    * @param myDocid      the docid need to access

   {

     // Get rid of rev number

     docId = MetaCatUtil.getSmartDocId(myDocid);

   }

   /**

    * Return if a document has subtree access control

    */

   public boolean hasSubTreeAccessControl()

   {

     return hasSubTreeAccessControl;

   }

  /**

    * Check from db connection if at least one of the list of @principals

    * @param user  the user name

    * @param groups  the groups which the use is in

    * @param myPermission  permission type to check for

    */

                              throws SQLException, Exception

  {

    boolean hasPermission=false;

    String [] userPackage=null;

    int permission =AccessControlList.intValue(myPermission);

    //for the commnad line invocation

    if ((user==null) && (groups==null || groups.length==0))

    {

      return true;

    }

    //create a userpackage including user, public and group member

    userPackage=createUsersPackage(user, groups);

    //if the requested document is access documents and requested permission

    //is "write", the user should have "all" right

    if (isAccessDocument(docId) && (permission == AccessControlInterface.WRITE))

    {

      hasPermission = hasPermission(userPackage,docId, 7);// 7 is all permission

    }//if

    else //in other situation, just check the request permission

    {

      // Check for @permission on @docid for @user and/or @groups

      hasPermission = hasPermission(userPackage,docId, permission);

    }//else

    return hasPermission;

  }

  /**

    * Check from db connection if the users in String array @principals has

    * @param principals, names in userPakcage need to check for @permission

    * @param docid, document identifier to check on

    */

  private boolean hasPermission(String [] principals, String docId,

                                           int permission)

                         throws SQLException

  {

    long startId = TOPLEVELSTARTNODEID;// this is for top level, so startid is 0

    {

      //first, if there is a docid owner in user package, return true

      if (containDocumentOwner(principals, docId))

      {

          return true;

      }

      //If there is no owner in user package, checking the table

      //check perm_order

      if (isAllowFirst(principals, docId, startId))

      {

        if (hasExplicitDenyRule(principals, docId, permission, startId))

        {

          //if it is allowfirst and has deny rule(either explicit )

          //deny access

          return false;

        }//if

        else if ( hasAllowRule(principals, docId, permission, startId))

        {

          //if it is allowfirst and hasn't deny rule and has allow rule

          //allow access

          return true;

        }//else if

        else

        {

          //other situation deny access

          return false;

        }//else

     }//if isAllowFirst

      MetaCatUtil.debugMessage("There is a exception in hasPermission method: "

                         +e.getMessage(), 50);

    }

    return false;

  }//hasPermission

  /**

   * The method to determine of a node can be access by a user just by subtree

   * access control

   */

  {

    boolean flag = true;

    // Get unaccessble subtree for this user

                                                           myPermission);

    Enumeration en = unaccessableSubTree.elements();

    while (en.hasMoreElements())

    return flag;

  }

  /**

   * permssion to access

   * @param user  the user name

   * @param groups  the groups which the use is in

   * @param myPermission  permission type to check for

   */

                                       String myPermission) throws McdbException

  {

    Hashtable resultUnaccessableSubTree = new Hashtable();

    String [] principals=null;

    int permission =AccessControlList.intValue(myPermission);

    //for the commnad line invocation return null(no unaccessable subtree)

    if ((user==null) && (groups==null || groups.length==0))

    {

      return resultUnaccessableSubTree;

    }

    //create a userpackage including user, public and group member

    principals=createUsersPackage(user, groups);

    //for the document owner return null(no unaccessable subtree)

    {

      throw new McdbException(ee);

    }

    // go through every subtree which has access control

    for (int i = 0; i< subTreeList.size(); i++)

    {

      SubTree tree = (SubTree)subTreeList.elementAt(i);

      long startId = tree.getStartNodeId();

        try

        {

          if (isAllowFirst(principals, docId, startId))

          {

            if (hasExplicitDenyRule(principals, docId, permission, startId ))

            {

             //if it is allowfirst and has deny rule

              // put the subtree into unaccessable vector

              if (!resultUnaccessableSubTree.containsKey(new Long(startId)))

            {

              //if it is allowfirst and hasn't deny rule and has allow rule

              //allow access do nothing

            }//else if

            else

            {

              {

                resultUnaccessableSubTree.put(new Long(startId), tree);

              }

            }//else

          }//if isAllowFirst

          else //denyFirst

            if (hasAllowRule(principals, docId, permission,startId))

            {

              //if it is denyFirst and has allow rule, allow access, do nothing

            }

            else

            {

                                   "UnaccessableSubTree "+e.getMessage(), 30);

          throw new McdbException(e);

        }

    }//for

    resultUnaccessableSubTree = mergeEquivalentSubtree(resultUnaccessableSubTree);

    return resultUnaccessableSubTree;

  }//hasUnaccessableSubtree

   * A method to merge nested subtree into bigger one. For example subtree b

   * is a subtree of subtree a. And user doesn't have read permission for both

   * so we only use subtree a is enough.

        String  treeId  = tree.getSubTreeId();

        long    startId = tree.getStartNodeId();

        long    endId   = tree.getEndNodeId();

        Enumeration enu = unAccessSubTree.elements();

        while (enu.hasMoreElements())

        {

          if (startId > subTreeStartId && endId < subTreeEndId)

          {

            needDelete = true;

                                     " need to be get rid of from unaccessable"+

                                     " subtree list becuase it is a subtree of"+

                                     " another subtree in the list", 45);

      return newSubTreeHash;

    }//else

  }

  /**

    * Check if a document id is a access document. Access document need user

    * has "all" permission to access it.

        ResultSet rs = pStmt.getResultSet();

        boolean hasRow = rs.next();

        String doctype = null;

        {

          doctype = rs.getString(1);

        }

        pStmt.close();

        // if it is an access document

        if (doctype != null && ((MetaCatUtil.getOptionList(MetaCatUtil.

           getOption("accessdoctype")).contains(doctype))))

        {

          return true;

        }

      }

      catch(SQLException e)

      {

        throw new SQLException("PermissionControl.isAccessDocument " +

                     "Error checking" +

                     " on document " + docId + ". " + e.getMessage());

          DBConnectionPool.returnDBConnection(conn, serialNumber);

        }

      }

      return false;

    }//isAccessDocument

  /**

    * Check if a stirng array contains a given documents' owner

    * @param principals, a string array storing the username, groups name and

    * public.

  private boolean containDocumentOwner( String[] principals, String docId)

                    throws SQLException

  {

    int lengthOfArray=principals.length;

    PreparedStatement pStmt=null;

    DBConnection conn = null;

    int serialNumber = -1;

    try

    {

      //check out DBConnection

      serialNumber=conn.getCheckOutSerialNumber();

      pStmt = conn.prepareStatement(

                "SELECT 'x' FROM xml_documents " +

      //check every element in the string array too see if it conatains

      //the owner of document

      for (int i=0; i<lengthOfArray; i++)

      {

        // Bind the values to the query

        pStmt.setString(1, docId);

        pStmt.setString(2, principals[i]);

                                  principals[i], 40);

        pStmt.execute();

        ResultSet rs = pStmt.getResultSet();

        hasRow = rs.next();

        {

          pStmt.close();

           MetaCatUtil.debugMessage("find the owner", 40);

          return true;

      }//for

    }//try

    {

        pStmt.close();

        SQLException("PermissionControl.hasPermission(). " +

                     "Error checking ownership for " + principals[0] +

                     " on document #" + docId + ". " + e.getMessage());

        DBConnectionPool.returnDBConnection(conn, serialNumber);

      }

    }

  }//containDocumentOwner

  /**

    * Check if the permission order for user at that documents is allowFirst

    * @param docid, document identifier to check for

    */

                               long startId)

                  throws SQLException, Exception

  {

      sql = "SELECT perm_order FROM xml_access " +

        "WHERE lower(principal_name)= ? AND docid = ? AND startnodeid = ?";

    }

    try

    {

      //check out DBConnection

      conn=DBConnectionPool.getDBConnection("AccessControlList.isAllowFirst");

      serialNumber=conn.getCheckOutSerialNumber();

      //select permission order from database

      pStmt = conn.prepareStatement(sql);

      //check every name in the array

      for (int i=0; i<lengthOfArray;i++)

      {

        //bind value

        pStmt.setString(1, principals[i]);//user name

        pStmt.setString(2, docId);//docid

        if (!topLever)

        {

          pStmt.setLong(3, startId);

        }

        pStmt.execute();

        ResultSet rs = pStmt.getResultSet();

        hasRow=rs.next();

        DBConnectionPool.returnDBConnection(conn, serialNumber);

      }

    }

    //docid. So throw a exception.

    throw new Exception("There is no permission record for user"+principals[0]+

                        "at document "+docId);

  }//isAllowFirst

  /**

    * permission.

    * If it has permission rule and ticket count is greater than 0, the ticket

    * number will decrease one for every allow rule

    * @param docid, document identifier to check for

    * @param permission, the permssion need to check

    */

                                  int permission, long startId)

                  throws SQLException, Exception

 {

   {

     // for toplevel

     topLever = true;

   "AND lower(principal_name) = ? AND perm_type = ? AND startnodeid is NULL";

   }

   else

   {

     topLever =false;

      "AND lower(principal_name) = ? AND perm_type = ? AND startnodeid = ?";

   }

   try

     //check out DBConnection

     conn=DBConnectionPool.getDBConnection("AccessControlList.hasAllowRule");

     serialNumber=conn.getCheckOutSerialNumber();

    //begin_time<=currentTime<=end_time in xml_access table

    //If begin_time or end_time is null in table, isnull(begin_time, sysdate)

    //function will assign begin_time=sysdate

    //bind docid, perm_type

    pStmt.setString(1, docId);

    pStmt.setString(3, AccessControlInterface.ALLOW);

    // if subtree lever, need to set subTreeId

    if (!topLever)

    {

      pStmt.setLong(4, startId);

    }

    //bind every elenment in user name array

    for (int i=0;i<lengthOfArray; i++)

    {

      while (rs.next())//check every entry for one user

      {

        permissionValueInTable=rs.getInt(1);

        //the user have a permission to access the file

        if (( permissionValueInTable & permissionValue )== permissionValue )

        {

           allow=true;//has allow rule entry

        }//if

      }//while

   }

    return allow;

 }//hasAllowRule

   /**

    * and permission. That means the perm_type is deny and current time is

    * less than end_time and greater than begin time, or no time limit.

    * @param docid, document identifier to check for

    * @param permission, the permssion need to check

    */

                                      int permission, long startId)

                  throws SQLException

 {

   int serialNumber = -1;

   String sql = null;

   boolean topLevel = false;

   // decide top level or subtree level

   if (startId == TOPLEVELSTARTNODEID)

   {

     topLevel = true;

    "AND lower(principal_name) = ? AND perm_type = ? AND startnodeid is NULL";

   }

   else

   {

     topLevel = false;

     "AND lower(principal_name) = ? AND perm_type = ? AND startnodeid = ?";

   }

   try

   {

     //check out DBConnection

     conn=DBConnectionPool.getDBConnection("PermissionControl.hasExplicitDeny");

     serialNumber=conn.getCheckOutSerialNumber();

     pStmt = conn.prepareStatement(sql);

    //bind docid, perm_type

    pStmt.setString(1, docId);

    pStmt.setString(3, AccessControlInterface.DENY);

    // subtree level need to set up subtreeid

    if (!topLevel)

    {

      pStmt.setLong(4, startId);

    }

    //bind every elenment in user name array

    for (int i=0;i<lengthOfArray; i++)

    {

      while (rs.next())//check every entry for one user

      {

        permissionValueInTable=rs.getInt(1);

        //permission is ok the user doesn't have permission to access the file

        if (( permissionValueInTable & permissionValue )== permissionValue )

        {

           pStmt.close();

           return true;

     }

   }//finally

   return false;//no deny rule

  /**

    * Creat a users pakages to check permssion rule, user itself, public and

    * the gourps the user belong will be include in this package

  {

    String [] usersPackage=null;

    int lengthOfPackage;

    if (groups!=null)

    {

      //So the length of userPackage is the length of group plus two

      if (!user.equalsIgnoreCase(AccessControlInterface.PUBLIC))

      {

        {

          usersPackage[0]= user.toLowerCase();

          MetaCatUtil.debugMessage("after transfer to lower case(not null): "+

        }

        else

        {

          }

        } //for

      }//else user=public

    }//if groups!=null

    else

    {

    }//else groups==null

    return usersPackage;

  }//createUsersPackage

  /**

   */

  {

      {

      }

}

    StringWriter docwriter = new StringWriter();

    String userName = null;

    String[] groupNames = null;

    try

    {

      this.toXml(docwriter, userName, groupNames, withInlineData);

   * Print a text representation of the XML document to a Writer

   *

   * @param pw the Writer to which we print the document

   */

  public void toXml(Writer pw, String user, String[] groups, boolean withInLineData)

                                                          throws McdbException

    MetaCatUtil util = new MetaCatUtil();

    // Here add code to handle subtree access control

    Hashtable unaccessableSubTree =control.hasUnaccessableSubTree(user, groups,

                                             AccessControlInterface.READSTRING);

    else

    {

      nodeRecordLists = getNodeRecordList(rootnodeid);

    Stack openElements = new Stack();

    boolean atRootElement = true;

    boolean previousNodeWasElement = false;

      // Handle the TEXT nodes

      } else if (currentNode.nodetype.equals("TEXT")) {

          out.print(">");

        }

        {

          out.print(currentNode.nodedata);

        }

        else

        {

          String fileName = currentNode.nodedata;

          try

          {

            {

            }

          }

          {

            throw new McdbException(e.getMessage());

          }

        previousNodeWasElement = false;

      // Handle the COMMENT nodes

      } else if (currentNode.nodetype.equals("COMMENT")) {

        if (previousNodeWasElement) {

      MetaCatUtil.debugMessage("Start deleting doc "+docid+ "...", 20);

    // check for 'write' permission for 'user' to delete this document

        throw new Exception("User " + user +

              " does not have permission to delete XML Document #" + accnum);

      }

      pstmt.close();

      conn.increaseUsageCount(1);

      // Delete it from relation table

      pstmt = conn.

               prepareStatement("DELETE FROM xml_relation WHERE docid = ?");

                                            AccessControlInterface.READSTRING);

  }