Revision 3313
Added by Jing Tao over 17 years ago
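--- a/src/edu/ucsb/nceas/metacat/QuerySpecification.java
+++ b/src/edu/ucsb/nceas/metacat/QuerySpecification.java
@@ -271,32 +271,29 @@
 private String constructAllowString()
 {
 String allowQuery = "";
-// add allow rule for user name
-if (userName != null && !userName.equals("")) {
-allowQuery = allowQuery + "(lower(principal_name) = '" + userName
-+ "' AND perm_type = 'allow'"
-+ " AND (permission='4' OR permission='5' "
-+ "OR permission='6' OR permission='7'))";
+
+// add public
+allowQuery = "(lower(principal_name) = '" + PUBLIC
++ "'";
+
+// add user name
+if (userName != null && !userName.equals("") && !userName.equalsIgnoreCase(PUBLIC)) {
+allowQuery = allowQuery + "OR lower(principal_name) = '" + userName +"'";
+
 }
-// add allow rule for public
-allowQuery = allowQuery + "OR (lower(principal_name) = '" + PUBLIC
-+ "' AND perm_type = 'allow'"
-+ " AND (permission='4' OR permission='5' "
-+ "OR permission='6' OR permission='7'))";
-
-// add allow rule for group
+// add group
 if (group != null) {
 for (int i = 0; i < group.length; i++) {
 String groupUint = group[i];
 if (groupUint != null && !groupUint.equals("")) {
 groupUint = groupUint.toLowerCase();
-allowQuery = allowQuery + " OR (lower(principal_name) = '"
-+ groupUint + "' AND perm_type = 'allow'"
-+ " AND (permission='4' OR permission='5' "
-+ "OR permission='6' OR permission='7'))";
+allowQuery = allowQuery + " OR lower(principal_name) = '"
++ groupUint + "'";
 }//if
 }//for
 }//if
+// add allow rule
+allowQuery = allowQuery + ") AND perm_type = 'allow'" + " AND permission > 3";
 logMetacat.info("allow string is: " + allowQuery);
 return allowQuery;
 }
@@ -321,35 +318,32 @@
 private String constructDenyString()
 {
 String denyQuery = "";
-// add deny rule for user name
-if (userName != null && !userName.equals("")) {
-denyQuery = denyQuery + "(lower(principal_name) = '" + userName
-+ "' AND perm_type = 'deny' "
-+ "AND perm_order ='allowFirst'"
-+ " AND (permission='4' OR permission='5' "
-+ "OR permission='6' OR permission='7'))";
-}
-// add deny rule for public
-denyQuery = denyQuery + "OR (lower(principal_name) = '" + PUBLIC
-+ "' AND perm_type = 'deny' " + "AND perm_order ='allowFirst'"
-+ " AND (permission='4' OR permission='5' "
-+ "OR permission='6' OR permission='7'))";
-
-// add allow rule for group
-if (group != null) {
-for (int i = 0; i < group.length; i++) {
-String groupUint = group[i];
-if (groupUint != null && !groupUint.equals("")) {
-groupUint = groupUint.toLowerCase();
-denyQuery = denyQuery + " OR (lower(principal_name) = '"
-+ groupUint + "' AND perm_type = 'deny' "
-+ "AND perm_order ='allowFirst'"
-+ " AND (permission='4' OR permission='5' "
-+ "OR permission='6' OR permission='7'))";
-}//if
-}//for
-}//if
-return denyQuery;
+
+// add public
+denyQuery = "(lower(principal_name) = '" + PUBLIC
++ "'";
+
+// add user name
+if (userName != null && !userName.equals("") && !userName.equalsIgnoreCase(PUBLIC)) {
+denyQuery = denyQuery + "OR lower(principal_name) = '" + userName +"'";
+
+}
+// add groups
+if (group != null) {
+for (int i = 0; i < group.length; i++) {
+String groupUint = group[i];
+if (groupUint != null && !groupUint.equals("")) {
+groupUint = groupUint.toLowerCase();
+denyQuery = denyQuery + " OR lower(principal_name) = '"
++ groupUint + "'";
+}//if
+}//for
+}//if
+// add deny rules
+denyQuery = denyQuery + ") AND perm_type = 'deny'" + " AND perm_order ='allowFirst'" +" AND permission > 3";
+logMetacat.info("allow string is: " + denyQuery);
+return denyQuery;
+
 }
 
 /**
@@ -365,6 +359,9 @@
 String onwer = createOwerQuery();
 String allow = createAllowRuleQuery();
 String deny = createDenyRuleQuery();
+//logMetacat.warn("onwer " +onwer);
+//logMetacat.warn("allow "+allow);
+//logMetacat.warn("deny "+deny);
 if (onwer != null)
 {
 accessQuery = " AND (docid IN(" + onwer + ")";
@@ -376,7 +373,7 @@
 accessQuery = " AND (docid IN (" + allow + ")"
 + " AND docid NOT IN (" + deny + "))";
 }
-logMetacat.info("accessquery is: " + accessQuery);
+logMetacat.warn("accessquery is: " + accessQuery);
 return accessQuery;
 }
 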
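Review bot: In the rewritten constructAllowString() and constructDenyString(), `userName` and each `group[i]` are still concatenated between single quotes in the SQL fragment (`"OR lower(principal_name) = '" + userName +"'"`), so a principal name containing a quote alters the structure of the access-control predicate; these values should be supplied as bind parameters (`lower(principal_name) = ?`) or at least validated before they reach the string. The same line compares `lower(principal_name)` with `userName` as given, while group names are lower-cased first, so a mixed-case user name will presumably never match; `userName.toLowerCase()` would make the two consistent. The deny method logs with the copied text `"allow string is: "`, and the last hunk moves the full access query, principal names included, from info to warn, which looks like leftover debugging. How `userName` and `group` are populated lies outside the visible hunks, so the actual exposure depends on those callers.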
|
Revised the access query part.