Revision 441
Added by bojilova over 23 years ago
MetaCatServlet.java | ||
---|---|---|
241 | 241 |
if (sess.isNew()) { |
242 | 242 |
// session expired or has not been stored b/w user requests |
243 | 243 |
// redirect to default page for query only access |
244 |
|
|
245 |
// response.sendRedirect(htmlpath + "/sexpire.html");
|
|
244 |
// response.sendRedirect(htmlpath + "/sexpire.html"); |
|
245 |
username = "public";
|
|
246 | 246 |
} else { |
247 | 247 |
username = (String)sess.getAttribute("username"); |
248 | 248 |
groupname = (String)sess.getAttribute("groupname"); |
... | ... | |
253 | 253 |
// to a particular action handler |
254 | 254 |
if(action.equals("query")) |
255 | 255 |
{ |
256 |
handleQuery(out, params, response); |
|
256 |
handleQuery(out, params, response, username, groupname);
|
|
257 | 257 |
} |
258 | 258 |
else if(action.equals("squery")) |
259 | 259 |
{ |
260 | 260 |
if(params.containsKey("query")) |
261 | 261 |
{ |
262 |
handleSQuery(out, params, response); |
|
262 |
handleSQuery(out, params, response, username, groupname);
|
|
263 | 263 |
} |
264 | 264 |
else |
265 | 265 |
{ |
... | ... | |
381 | 381 |
* @param conn the database connection |
382 | 382 |
*/ |
383 | 383 |
protected void handleSQuery(PrintWriter out, Hashtable params, |
384 |
HttpServletResponse response)
|
|
384 |
HttpServletResponse response, String user, String group)
|
|
385 | 385 |
{ |
386 | 386 |
String xmlquery = ((String[])params.get("query"))[0]; |
387 | 387 |
String qformat = ((String[])params.get("qformat"))[0]; |
388 |
Hashtable doclist = runQuery(xmlquery); |
|
388 |
Hashtable doclist = runQuery(xmlquery, user, group);
|
|
389 | 389 |
String resultdoc = createResultDocument(doclist, xmlquery); |
390 | 390 |
|
391 | 391 |
//format and transform the results |
... | ... | |
408 | 408 |
* @param response the response object linked to the client |
409 | 409 |
*/ |
410 | 410 |
protected void handleQuery(PrintWriter out, Hashtable params, |
411 |
HttpServletResponse response)
|
|
411 |
HttpServletResponse response, String user, String group)
|
|
412 | 412 |
{ |
413 | 413 |
//create the query and run it |
414 | 414 |
String xmlquery = DBQuery.createSQuery(params); |
415 |
Hashtable doclist = runQuery(xmlquery); |
|
415 |
Hashtable doclist = runQuery(xmlquery, user, group);
|
|
416 | 416 |
String qformat = ((String[])params.get("qformat"))[0]; |
417 | 417 |
String resultdoc = createResultDocument(doclist, transformQuery(params)); |
418 | 418 |
|
... | ... | |
452 | 452 |
* |
453 | 453 |
* @param xmlquery the query to run |
454 | 454 |
*/ |
455 |
private Hashtable runQuery(String xmlquery) |
|
455 |
private Hashtable runQuery(String xmlquery, String user, String group)
|
|
456 | 456 |
{ |
457 | 457 |
Hashtable doclist=null; |
458 | 458 |
Connection conn = null; |
459 | 459 |
try |
460 | 460 |
{ |
461 |
conn = util.getConnection();
|
|
462 |
DBQuery queryobj = new DBQuery(conn, saxparser);
|
|
463 |
doclist = queryobj.findDocuments(new StringReader(xmlquery));
|
|
464 |
util.returnConnection(conn);
|
|
465 |
return doclist;
|
|
461 |
conn = util.getConnection(); |
|
462 |
DBQuery queryobj = new DBQuery(conn, saxparser); |
|
463 |
doclist = queryobj.findDocuments(new StringReader(xmlquery),user,group);
|
|
464 |
util.returnConnection(conn); |
|
465 |
return doclist; |
|
466 | 466 |
} |
467 | 467 |
catch (Exception e) |
468 | 468 |
{ |
469 |
if (conn != null) |
|
470 |
{ |
|
471 |
util.returnConnection(conn); |
|
472 |
} |
|
469 |
util.returnConnection(conn); |
|
473 | 470 |
util.debugMessage("Error in runQuery: " + e.getMessage()); |
474 | 471 |
doclist = null; |
475 | 472 |
return doclist; |
... | ... | |
499 | 496 |
} |
500 | 497 |
catch(Exception e) |
501 | 498 |
{ |
502 |
//if (conn != null) |
|
503 |
{ |
|
504 |
util.returnConnection(conn); |
|
505 |
} |
|
499 |
util.returnConnection(conn); |
|
506 | 500 |
} |
507 | 501 |
} |
508 | 502 |
|
Also available in: Unified diff
added check from "read" permission on "query" and "squery" actions
for connected user or for "public" connection