Revision 2793
Added by sgarg about 19 years ago
| src/edu/ucsb/nceas/metacat/QuerySpecification.java | ||
|---|---|---|
| 265 | 265 |
if (userName != null && !userName.equals("")) {
|
| 266 | 266 |
allowQuery = allowQuery + "(lower(principal_name) = '" + userName |
| 267 | 267 |
+ "' AND perm_type = 'allow'" |
| 268 |
+ " AND (permission='4' OR permission='7'))"; |
|
| 268 |
+ " AND (permission='4' OR permission='5' " |
|
| 269 |
+ "OR permission='6' OR permission='7'))"; |
|
| 269 | 270 |
} |
| 270 | 271 |
// add allow rule for public |
| 271 | 272 |
allowQuery = allowQuery + "OR (lower(principal_name) = '" + PUBLIC |
| 272 | 273 |
+ "' AND perm_type = 'allow'" |
| 273 |
+ " AND (permission='4' OR permission='7'))"; |
|
| 274 |
+ " AND (permission='4' OR permission='5' " |
|
| 275 |
+ "OR permission='6' OR permission='7'))"; |
|
| 274 | 276 |
|
| 275 | 277 |
// add allow rule for group |
| 276 | 278 |
if (group != null) {
|
| ... | ... | |
| 280 | 282 |
groupUint = groupUint.toLowerCase(); |
| 281 | 283 |
allowQuery = allowQuery + " OR (lower(principal_name) = '" |
| 282 | 284 |
+ groupUint + "' AND perm_type = 'allow'" |
| 283 |
+ " AND (permission='4' OR permission='7'))"; |
|
| 285 |
+ " AND (permission='4' OR permission='5' " |
|
| 286 |
+ "OR permission='6' OR permission='7'))"; |
|
| 284 | 287 |
}//if |
| 285 | 288 |
}//for |
| 286 | 289 |
}//if |
| ... | ... | |
| 313 | 316 |
denyQuery = denyQuery + "(lower(principal_name) = '" + userName |
| 314 | 317 |
+ "' AND perm_type = 'deny' " |
| 315 | 318 |
+ "AND perm_order ='allowFirst'" |
| 316 |
+ " AND (permission='4' OR permission='7'))"; |
|
| 319 |
+ " AND (permission='4' OR permission='5' " |
|
| 320 |
+ "OR permission='6' OR permission='7'))"; |
|
| 317 | 321 |
} |
| 318 | 322 |
// add deny rule for public |
| 319 | 323 |
denyQuery = denyQuery + "OR (lower(principal_name) = '" + PUBLIC |
| 320 | 324 |
+ "' AND perm_type = 'deny' " + "AND perm_order ='allowFirst'" |
| 321 |
+ " AND (permission='4' OR permission='7'))"; |
|
| 325 |
+ " AND (permission='4' OR permission='5' " |
|
| 326 |
+ "OR permission='6' OR permission='7'))"; |
|
| 322 | 327 |
|
| 323 | 328 |
// add allow rule for group |
| 324 | 329 |
if (group != null) {
|
| ... | ... | |
| 329 | 334 |
denyQuery = denyQuery + " OR (lower(principal_name) = '" |
| 330 | 335 |
+ groupUint + "' AND perm_type = 'deny' " |
| 331 | 336 |
+ "AND perm_order ='allowFirst'" |
| 332 |
+ " AND (permission='4' OR permission='7'))"; |
|
| 337 |
+ " AND (permission='4' OR permission='5' " |
|
| 338 |
+ "OR permission='6' OR permission='7'))"; |
|
| 333 | 339 |
}//if |
| 334 | 340 |
}//for |
| 335 | 341 |
}//if |
Also available in: Unified diff
fix for the access control check - earlier only permission 4 and 7 were checked for read. Now the query checks for permissions 5 and 6 also