Project

General

Profile

« Previous | Next » 

Revision 2793

Added by sgarg over 18 years ago

fix for the access control check - earlier only permission 4 and 7 were checked for read. Now the query checks for permissions 5 and 6 also

View differences:

src/edu/ucsb/nceas/metacat/QuerySpecification.java
265 265
        if (userName != null && !userName.equals("")) {
266 266
            allowQuery = allowQuery + "(lower(principal_name) = '" + userName
267 267
                    + "' AND perm_type = 'allow'"
268
                    + " AND (permission='4' OR permission='7'))";
268
                    + " AND (permission='4' OR permission='5' " 
269
                    + "OR permission='6' OR permission='7'))";
269 270
        }
270 271
        // add allow rule for public
271 272
        allowQuery = allowQuery + "OR (lower(principal_name) = '" + PUBLIC
272 273
                + "' AND perm_type = 'allow'"
273
                + " AND (permission='4' OR permission='7'))";
274
                + " AND (permission='4' OR permission='5' " 
275
                + "OR permission='6' OR permission='7'))";
274 276

  
275 277
        // add allow rule for group
276 278
        if (group != null) {
......
280 282
                    groupUint = groupUint.toLowerCase();
281 283
                    allowQuery = allowQuery + " OR (lower(principal_name) = '"
282 284
                            + groupUint + "' AND perm_type = 'allow'"
283
                            + " AND (permission='4' OR permission='7'))";
285
                	    + " AND (permission='4' OR permission='5' " 
286
                            + "OR permission='6' OR permission='7'))";
284 287
                }//if
285 288
            }//for
286 289
        }//if
......
313 316
            denyQuery = denyQuery + "(lower(principal_name) = '" + userName
314 317
                    + "' AND perm_type = 'deny' "
315 318
                    + "AND perm_order ='allowFirst'"
316
                    + " AND (permission='4' OR permission='7'))";
319
                    + " AND (permission='4' OR permission='5' " 
320
                    + "OR permission='6' OR permission='7'))";
317 321
        }
318 322
        // add deny rule for public
319 323
        denyQuery = denyQuery + "OR (lower(principal_name) = '" + PUBLIC
320 324
                + "' AND perm_type = 'deny' " + "AND perm_order ='allowFirst'"
321
                + " AND (permission='4' OR permission='7'))";
325
                + " AND (permission='4' OR permission='5' " 
326
                + "OR permission='6' OR permission='7'))";
322 327

  
323 328
        // add allow rule for group
324 329
        if (group != null) {
......
329 334
                    denyQuery = denyQuery + " OR (lower(principal_name) = '"
330 335
                            + groupUint + "' AND perm_type = 'deny' "
331 336
                            + "AND perm_order ='allowFirst'"
332
                            + " AND (permission='4' OR permission='7'))";
337
                	    + " AND (permission='4' OR permission='5' " 
338
                            + "OR permission='6' OR permission='7'))";
333 339
                }//if
334 340
            }//for
335 341
        }//if

Also available in: Unified diff