Revision 441
Added by bojilova over 23 years ago
| DBQuery.java | ||
|---|---|---|
| 35 | 35 |
*/ |
| 36 | 36 |
public class DBQuery {
|
| 37 | 37 |
|
| 38 |
static final int ALL = 1; |
|
| 39 |
static final int WRITE = 2; |
|
| 40 |
static final int READ = 4; |
|
| 41 |
|
|
| 38 | 42 |
private Connection conn = null; |
| 39 | 43 |
private String parserName = null; |
| 40 | 44 |
|
| ... | ... | |
| 65 | 69 |
DBQuery queryobj = new DBQuery(dbconn, util.getOption("saxparser"));
|
| 66 | 70 |
FileReader xml = new FileReader(new File(xmlfile)); |
| 67 | 71 |
Hashtable nodelist = null; |
| 68 |
nodelist = queryobj.findDocuments(xml); |
|
| 72 |
nodelist = queryobj.findDocuments(xml, null, null);
|
|
| 69 | 73 |
|
| 70 | 74 |
// Print the reulting document listing |
| 71 | 75 |
StringBuffer result = new StringBuffer(); |
| ... | ... | |
| 117 | 121 |
* |
| 118 | 122 |
* @param xmlquery the xml serialization of the query (@see pathquery.dtd) |
| 119 | 123 |
*/ |
| 120 |
public Hashtable findDocuments(Reader xmlquery) {
|
|
| 124 |
public Hashtable findDocuments(Reader xmlquery, String user, String group) {
|
|
| 121 | 125 |
Hashtable docListResult = new Hashtable(); |
| 122 | 126 |
PreparedStatement pstmt; |
| 123 | 127 |
String docid = null; |
| ... | ... | |
| 143 | 147 |
boolean tableHasRows = rs.next(); |
| 144 | 148 |
while (tableHasRows) {
|
| 145 | 149 |
docid = rs.getString(1); |
| 150 |
if ( !hasReadPermission(conn, docid, user, group) ) {continue;}
|
|
| 146 | 151 |
docname = rs.getString(2); |
| 147 | 152 |
doctype = rs.getString(3); |
| 148 | 153 |
doctitle = rs.getString(4); |
| ... | ... | |
| 186 | 191 |
while(tableHasRows) |
| 187 | 192 |
{
|
| 188 | 193 |
docid = rs.getString(1); |
| 194 |
if ( !hasReadPermission(conn, docid, user, group) ) {continue;}
|
|
| 189 | 195 |
fieldname = rs.getString(2); |
| 190 | 196 |
fielddata = rs.getString(3); |
| 191 | 197 |
|
| ... | ... | |
| 478 | 484 |
public static String createQuery(String value) {
|
| 479 | 485 |
return createQuery(value, "any"); |
| 480 | 486 |
} |
| 487 |
|
|
| 488 |
/** Check for "read" permissions from DB connection */ |
|
| 489 |
private boolean hasReadPermission(Connection conn, String docid, |
|
| 490 |
String user, String group) |
|
| 491 |
throws SQLException {
|
|
| 492 |
// b' of the command line invocation |
|
| 493 |
if ( (user == null) && (group == null) ) {
|
|
| 494 |
return true; |
|
| 495 |
} |
|
| 496 |
|
|
| 497 |
PreparedStatement pstmt; |
|
| 498 |
// checking if user is owner of docid or if docid has public access |
|
| 499 |
try {
|
|
| 500 |
pstmt = conn.prepareStatement( |
|
| 501 |
"SELECT 'x' FROM xml_documents " + |
|
| 502 |
"WHERE docid LIKE ? AND user_owner LIKE ? " + |
|
| 503 |
"UNION " + |
|
| 504 |
"SELECT 'x' FROM xml_documents " + |
|
| 505 |
"WHERE docid LIKE ? AND public_access = 1"); |
|
| 506 |
// Bind the values to the query |
|
| 507 |
pstmt.setString(1, docid); |
|
| 508 |
pstmt.setString(2, user); |
|
| 509 |
pstmt.setString(3, docid); |
|
| 510 |
|
|
| 511 |
pstmt.execute(); |
|
| 512 |
ResultSet rs = pstmt.getResultSet(); |
|
| 513 |
boolean hasRow = rs.next(); |
|
| 514 |
pstmt.close(); |
|
| 515 |
if (hasRow) {
|
|
| 516 |
return true; |
|
| 517 |
} |
|
| 518 |
|
|
| 519 |
} catch (SQLException e) {
|
|
| 520 |
throw new |
|
| 521 |
SQLException("Error checking document's owner or public access: "
|
|
| 522 |
+ e.getMessage()); |
|
| 523 |
} |
|
| 524 |
|
|
| 525 |
// checking if docid has public access at this time |
|
| 526 |
try {
|
|
| 527 |
pstmt = conn.prepareStatement( |
|
| 528 |
"SELECT 'x' FROM xml_access " + |
|
| 529 |
"WHERE docid LIKE ? " + |
|
| 530 |
"AND principal_name = 'public' " + |
|
| 531 |
"AND principal_type = 'user' " + |
|
| 532 |
"AND sysdate BETWEEN nvl(begin_time,sysdate) " + |
|
| 533 |
"AND nvl(end_time,sysdate)"); |
|
| 534 |
// Bind the values to the query |
|
| 535 |
pstmt.setString(1, docid); |
|
| 536 |
|
|
| 537 |
pstmt.execute(); |
|
| 538 |
ResultSet rs = pstmt.getResultSet(); |
|
| 539 |
boolean hasRow = rs.next(); |
|
| 540 |
pstmt.close(); |
|
| 541 |
if (hasRow) {
|
|
| 542 |
return true; |
|
| 543 |
} |
|
| 544 |
|
|
| 545 |
} catch (SQLException e) {
|
|
| 546 |
throw new |
|
| 547 |
SQLException("Error checking doc's public access: " + e.getMessage());
|
|
| 548 |
} |
|
| 549 |
|
|
| 550 |
// checking access type from xml_access table |
|
| 551 |
int accesstype = 0; |
|
| 552 |
try {
|
|
| 553 |
pstmt = conn.prepareStatement( |
|
| 554 |
"SELECT access_type FROM xml_access " + |
|
| 555 |
"WHERE docid LIKE ? " + |
|
| 556 |
"AND principal_name LIKE ? " + |
|
| 557 |
"AND principal_type = 'user' " + |
|
| 558 |
"AND sysdate BETWEEN nvl(begin_time,sysdate) " + |
|
| 559 |
"AND nvl(end_time,sysdate) " + |
|
| 560 |
"UNION " + |
|
| 561 |
"SELECT access_type FROM xml_access " + |
|
| 562 |
"WHERE docid LIKE ? " + |
|
| 563 |
"AND principal_name LIKE ? " + |
|
| 564 |
"AND principal_type = 'group' " + |
|
| 565 |
"AND sysdate BETWEEN nvl(begin_time,sysdate) " + |
|
| 566 |
"AND nvl(end_time,sysdate)"); |
|
| 567 |
// Bind the values to the query |
|
| 568 |
pstmt.setString(1, docid); |
|
| 569 |
pstmt.setString(2, user); |
|
| 570 |
pstmt.setString(3, docid); |
|
| 571 |
pstmt.setString(2, group); |
|
| 572 |
|
|
| 573 |
pstmt.execute(); |
|
| 574 |
ResultSet rs = pstmt.getResultSet(); |
|
| 575 |
boolean hasRows = rs.next(); |
|
| 576 |
while ( hasRows ) {
|
|
| 577 |
accesstype = rs.getInt(1); |
|
| 578 |
if ( (accesstype & READ) == READ ) {
|
|
| 579 |
pstmt.close(); |
|
| 580 |
return true; |
|
| 581 |
} |
|
| 582 |
hasRows = rs.next(); |
|
| 583 |
} |
|
| 584 |
|
|
| 585 |
pstmt.close(); |
|
| 586 |
return false; |
|
| 587 |
|
|
| 588 |
} catch (SQLException e) {
|
|
| 589 |
throw new |
|
| 590 |
SQLException("Error getting document's permissions: " + e.getMessage());
|
|
| 591 |
} |
|
| 592 |
} |
|
| 593 |
|
|
| 481 | 594 |
} |
| 482 | 595 |
|
| 483 | 596 |
/** |
| 484 | 597 |
* '$Log$ |
| 598 |
* 'Revision 1.18 2000/09/05 20:50:56 berkley |
|
| 599 |
* 'Added a method called getNodeContent which retrieves the content of a node in a document. If there are more than one nodes with the same name returned, it returns an array with all of the data. |
|
| 600 |
* ' |
|
| 485 | 601 |
* 'Revision 1.17 2000/08/31 21:20:39 berkley |
| 486 | 602 |
* 'changed xslf for new returnfield scheme. the returnfields are now returned as <param name="<returnfield>"> tags. |
| 487 | 603 |
* 'hThe sql for the returnfield query was redone to fix a previous problem with slow queries |
Also available in: Unified diff
added check from "read" permission on "query" and "squery" actions
for connected user or for "public" connection