Revision 441
Added by bojilova over 23 years ago
| MetaCatServlet.java | ||
|---|---|---|
| 241 | 241 |
if (sess.isNew()) {
|
| 242 | 242 |
// session expired or has not been stored b/w user requests |
| 243 | 243 |
// redirect to default page for query only access |
| 244 |
|
|
| 245 |
// response.sendRedirect(htmlpath + "/sexpire.html");
|
|
| 244 |
// response.sendRedirect(htmlpath + "/sexpire.html"); |
|
| 245 |
username = "public";
|
|
| 246 | 246 |
} else {
|
| 247 | 247 |
username = (String)sess.getAttribute("username");
|
| 248 | 248 |
groupname = (String)sess.getAttribute("groupname");
|
| ... | ... | |
| 253 | 253 |
// to a particular action handler |
| 254 | 254 |
if(action.equals("query"))
|
| 255 | 255 |
{
|
| 256 |
handleQuery(out, params, response); |
|
| 256 |
handleQuery(out, params, response, username, groupname);
|
|
| 257 | 257 |
} |
| 258 | 258 |
else if(action.equals("squery"))
|
| 259 | 259 |
{
|
| 260 | 260 |
if(params.containsKey("query"))
|
| 261 | 261 |
{
|
| 262 |
handleSQuery(out, params, response); |
|
| 262 |
handleSQuery(out, params, response, username, groupname);
|
|
| 263 | 263 |
} |
| 264 | 264 |
else |
| 265 | 265 |
{
|
| ... | ... | |
| 381 | 381 |
* @param conn the database connection |
| 382 | 382 |
*/ |
| 383 | 383 |
protected void handleSQuery(PrintWriter out, Hashtable params, |
| 384 |
HttpServletResponse response)
|
|
| 384 |
HttpServletResponse response, String user, String group)
|
|
| 385 | 385 |
{
|
| 386 | 386 |
String xmlquery = ((String[])params.get("query"))[0];
|
| 387 | 387 |
String qformat = ((String[])params.get("qformat"))[0];
|
| 388 |
Hashtable doclist = runQuery(xmlquery); |
|
| 388 |
Hashtable doclist = runQuery(xmlquery, user, group);
|
|
| 389 | 389 |
String resultdoc = createResultDocument(doclist, xmlquery); |
| 390 | 390 |
|
| 391 | 391 |
//format and transform the results |
| ... | ... | |
| 408 | 408 |
* @param response the response object linked to the client |
| 409 | 409 |
*/ |
| 410 | 410 |
protected void handleQuery(PrintWriter out, Hashtable params, |
| 411 |
HttpServletResponse response)
|
|
| 411 |
HttpServletResponse response, String user, String group)
|
|
| 412 | 412 |
{
|
| 413 | 413 |
//create the query and run it |
| 414 | 414 |
String xmlquery = DBQuery.createSQuery(params); |
| 415 |
Hashtable doclist = runQuery(xmlquery); |
|
| 415 |
Hashtable doclist = runQuery(xmlquery, user, group);
|
|
| 416 | 416 |
String qformat = ((String[])params.get("qformat"))[0];
|
| 417 | 417 |
String resultdoc = createResultDocument(doclist, transformQuery(params)); |
| 418 | 418 |
|
| ... | ... | |
| 452 | 452 |
* |
| 453 | 453 |
* @param xmlquery the query to run |
| 454 | 454 |
*/ |
| 455 |
private Hashtable runQuery(String xmlquery) |
|
| 455 |
private Hashtable runQuery(String xmlquery, String user, String group)
|
|
| 456 | 456 |
{
|
| 457 | 457 |
Hashtable doclist=null; |
| 458 | 458 |
Connection conn = null; |
| 459 | 459 |
try |
| 460 | 460 |
{
|
| 461 |
conn = util.getConnection();
|
|
| 462 |
DBQuery queryobj = new DBQuery(conn, saxparser);
|
|
| 463 |
doclist = queryobj.findDocuments(new StringReader(xmlquery));
|
|
| 464 |
util.returnConnection(conn);
|
|
| 465 |
return doclist;
|
|
| 461 |
conn = util.getConnection(); |
|
| 462 |
DBQuery queryobj = new DBQuery(conn, saxparser); |
|
| 463 |
doclist = queryobj.findDocuments(new StringReader(xmlquery),user,group);
|
|
| 464 |
util.returnConnection(conn); |
|
| 465 |
return doclist; |
|
| 466 | 466 |
} |
| 467 | 467 |
catch (Exception e) |
| 468 | 468 |
{
|
| 469 |
if (conn != null) |
|
| 470 |
{
|
|
| 471 |
util.returnConnection(conn); |
|
| 472 |
} |
|
| 469 |
util.returnConnection(conn); |
|
| 473 | 470 |
util.debugMessage("Error in runQuery: " + e.getMessage());
|
| 474 | 471 |
doclist = null; |
| 475 | 472 |
return doclist; |
| ... | ... | |
| 499 | 496 |
} |
| 500 | 497 |
catch(Exception e) |
| 501 | 498 |
{
|
| 502 |
//if (conn != null) |
|
| 503 |
{
|
|
| 504 |
util.returnConnection(conn); |
|
| 505 |
} |
|
| 499 |
util.returnConnection(conn); |
|
| 506 | 500 |
} |
| 507 | 501 |
} |
| 508 | 502 |
|
Also available in: Unified diff
added check from "read" permission on "query" and "squery" actions
for connected user or for "public" connection