Project

General

Profile

« Previous | Next » 

Revision 425

Added by bojilova over 23 years ago

storing user_owner and user_updated where needed
new function in DocumentImpl checking for "write" perm on UPDATE or DELETE
added delete from xml_index of the old version of docid on UPDATE

View differences:

MetaCatServlet.java
217 217 
    // by looking up the current session information for all actions
218 218 
    // other than "Login" and "Logout"
219 219 
    // handle login action
220 
    String username = null;
221 
    String groupname = null;
220 222 
    if (action.equals("Login") || action.equals("Login Client")) {
221 223 
      handleLoginAction(out, params, request, response);
222 224 
    // handle logout action
......
241 243 
        // redirect to default page for query only access
242 244 

  		




  243
  245
  
    
      //  response.sendRedirect(htmlpath + "/sexpire.html");


  		




  244
  
  
    

  		




  245
  
  
    
      } 


  		




  
  246
  
    
      } else {


  		




  
  247
  
    
        username = (String)sess.getAttribute("username");


  		




  
  248
  
    
        groupname = (String)sess.getAttribute("groupname");


  		




  
  249
  
    
      }  


  		




  246
  250
  
    
    }    


  		




  247
  251
  
    

  		




  248
  252
  
    
    // Now that we know the session is valid, we can delegate the request


  		




  ......




  272
  276
  
    
        out.println(se.getMessage());


  		




  273
  277
  
    
      }


  		




  274
  278
  
    
    } else if (action.equals("insert") || action.equals("update")) {


  		




  275
  
  
    
      handleInsertOrUpdateAction(out, params, response);


  		




  
  279
  
    
      if ( !username.equals("public") && (username != null) ) {


  		




  
  280
  
    
        handleInsertOrUpdateAction(out, params, response, username, groupname);


  		




  
  281
  
    
      } else {  


  		




  
  282
  
    
        out.println("Permission denied for " + action);


  		




  
  283
  
    
      }  


  		




  276
  284
  
    
    } else if (action.equals("delete")) {


  		




  277
  
  
    
      handleDeleteAction(out, params, response);


  		




  
  285
  
    
      if ( !username.equals("public") && (username != null) ) {


  		




  
  286
  
    
        handleDeleteAction(out, params, response, username, groupname);


  		




  
  287
  
    
      } else {  


  		




  
  288
  
    
        out.println("Permission denied for " + action);


  		




  
  289
  
    
      }  


  		




  278
  290
  
    
    } else if (action.equals("validate")) {


  		




  279
  291
  
    
      handleValidateAction(out, params, response);  


  		




  280
  292
  
    
    } else if (action.equals("getdatadoc")) {


  		




  ......




  396
  408
  
    
    Hashtable doclist = runQuery(xmlquery);


  		




  397
  409
  
    
    String qformat = ((String[])params.get("qformat"))[0]; 


  		




  398
  410
  
    
    String resultdoc = createResultDocument(doclist, transformQuery(params));


  		




  
  411
  
    

  		




  399
  412
  
    
    //format and transform the results                                        


  		




  400
  413
  
    
    if(qformat.equals("html")) {


  		




  401
  414
  
    
      transformResultset(resultdoc, response, out);


  		




  ......




  575
  588
  
    
   * to the database connection


  		




  576
  589
  
    
   */


  		




  577
  590
  
    
  private void handleInsertOrUpdateAction(PrintWriter out, Hashtable params, 


  		




  578
  
  
    
               HttpServletResponse response) {


  		




  
  591
  
    
               HttpServletResponse response, String user, String group) {


  		




  579
  592
  
    

  		




  580
  593
  
    
    Connection conn = null;


  		




  581
  594
  
    

  		




  ......




  607
  620
  
    
                if (accNumber.equals("")) {


  		




  608
  621
  
    
                    accNumber = null;


  		




  609
  622
  
    
                }


  		




  610
  
  
    
                newdocid = DocumentImpl.write(conn, xml, doAction, accNumber);  


  		




  
  623
  
    
                newdocid = DocumentImpl.write(conn, xml, doAction, accNumber, 


  		




  
  624
  
    
                                                                  user, group);


  		




  611
  625
  
    
            } catch (NullPointerException npe) {


  		




  612
  
  
    
              newdocid = DocumentImpl.write(conn, xml, doAction, null);


  		




  
  626
  
    
              newdocid = DocumentImpl.write(conn,xml,doAction,null,user,group);


  		




  613
  627
  
    
            }


  		




  614
  628
  
    
        } catch (Exception e) {


  		




  615
  629
  
    
          response.setContentType("text/html");


  		




  ......




  653
  667
  
    
   * from the database connection


  		




  654
  668
  
    
   */


  		




  655
  669
  
    
  private void handleDeleteAction(PrintWriter out, Hashtable params, 


  		




  656
  
  
    
               HttpServletResponse response) {


  		




  
  670
  
    
               HttpServletResponse response, String user, String group) {


  		




  657
  671
  
    

  		




  658
  672
  
    
    String[] docid = (String[])params.get("docid");


  		




  659
  673
  
    
    Connection conn = null;


  		




  ......




  666
  680
  
    
                                      // FOR EXISTENCE OF DOCID PARAM


  		




  667
  681
  
    
                                      // BEFORE ACCESSING ARRAY


  		




  668
  682
  
    
      try { 


  		




  669
  
  
    
        DocumentImpl.delete(conn, docid[0]);


  		




  
  683
  
    
        DocumentImpl.delete(conn, docid[0], user, group);


  		




  670
  684
  
    
        response.setContentType("text/xml");


  		




  671
  685
  
    
        out.println("<?xml version=\"1.0\"?>");


  		




  672
  686
  
    
        out.println("<success>");


  		












Also available in:  Unified diff