Revision 425
Added by bojilova over 23 years ago
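--- a/MetaCatServlet.java
+++ b/MetaCatServlet.java
@@ -217,6 +217,8 @@
 // by looking up the current session information for all actions
 // other than "Login" and "Logout"
 // handle login action
+String username = null;
+String groupname = null;
 if (action.equals("Login") || action.equals("Login Client")) {
 handleLoginAction(out, params, request, response);
 // handle logout action
@@ -241,8 +243,10 @@
 // redirect to default page for query only access
 
 // response.sendRedirect(htmlpath + "/sexpire.html");
-
-}
+} else {
+username = (String)sess.getAttribute("username");
+groupname = (String)sess.getAttribute("groupname");
+}
 }
 
 // Now that we know the session is valid, we can delegate the request
@@ -272,9 +276,17 @@
 out.println(se.getMessage());
 }
 } else if (action.equals("insert") || action.equals("update")) {
-handleInsertOrUpdateAction(out, params, response);
+if ( !username.equals("public") && (username != null) ) {
+handleInsertOrUpdateAction(out, params, response, username, groupname);
+} else {
+out.println("Permission denied for " + action);
+}
 } else if (action.equals("delete")) {
-handleDeleteAction(out, params, response);
+if ( !username.equals("public") && (username != null) ) {
+handleDeleteAction(out, params, response, username, groupname);
+} else {
+out.println("Permission denied for " + action);
+}
 } else if (action.equals("validate")) {
 handleValidateAction(out, params, response);
 } else if (action.equals("getdatadoc")) {
@@ -396,6 +408,7 @@
 Hashtable doclist = runQuery(xmlquery);
 String qformat = ((String[])params.get("qformat"))[0];
 String resultdoc = createResultDocument(doclist, transformQuery(params));
+
 //format and transform the results
 if(qformat.equals("html")) {
 transformResultset(resultdoc, response, out);
@@ -575,7 +588,7 @@
 * to the database connection
 */
 private void handleInsertOrUpdateAction(PrintWriter out, Hashtable params,
-HttpServletResponse response) {
+HttpServletResponse response, String user, String group) {
 
 Connection conn = null;
 
@@ -607,9 +620,10 @@
 if (accNumber.equals("")) {
 accNumber = null;
 }
-newdocid = DocumentImpl.write(conn, xml, doAction, accNumber);
+newdocid = DocumentImpl.write(conn, xml, doAction, accNumber,
+user, group);
 } catch (NullPointerException npe) {
-newdocid = DocumentImpl.write(conn, xml, doAction, null);
+newdocid = DocumentImpl.write(conn,xml,doAction,null,user,group);
 }
 } catch (Exception e) {
 response.setContentType("text/html");
@@ -653,7 +667,7 @@
 * from the database connection
 */
 private void handleDeleteAction(PrintWriter out, Hashtable params,
-HttpServletResponse response) {
+HttpServletResponse response, String user, String group) {
 
 String[] docid = (String[])params.get("docid");
 Connection conn = null;
@@ -666,7 +680,7 @@
 // FOR EXISTENCE OF DOCID PARAM
 // BEFORE ACCESSING ARRAY
 try {
-DocumentImpl.delete(conn, docid[0]);
+DocumentImpl.delete(conn, docid[0], user, group);
 response.setContentType("text/xml");
 out.println("<?xml version=\"1.0\"?>");
 out.println("<success>");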
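Review bot: The new guard `if ( !username.equals("public") && (username != null) )` on the insert/update branch dereferences `username` before testing it for null, and the identical condition is repeated on the delete branch. `username` is initialised to null and assigned only in the added `else` branch that reads the session, so any request that reaches these branches without that assignment throws a NullPointerException instead of printing "Permission denied". Reorder both checks to `if (username != null && !username.equals("public")) {` so the write paths deny cleanly. Whether null can actually arrive here depends on the session handling elided between the hunks, so that path is worth confirming. A short comment above each check, such as `// only authenticated, non-"public" users may modify documents`, would also record why the servlet gates these actions before DocumentImpl does its own permission check.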
storing user_owner and user_updated where needed
new function in DocumentImpl checking for "write" perm on UPDATE or DELETE
added delete from xml_index of the old version of docid on UPDATE