Revision 5098
Added by daigle over 14 years ago
| src/edu/ucsb/nceas/metacat/accesscontrol/XMLAccessAccess.java | ||
|---|---|---|
| 1 | 1 |
/** |
| 2 | 2 |
* '$RCSfile$' |
| 3 |
* Purpose: A Class that manages database access of scheduled task
|
|
| 3 |
* Purpose: A Class that manages database access of xml access
|
|
| 4 | 4 |
* information. |
| 5 | 5 |
* Copyright: 2009 Regents of the University of California and the |
| 6 | 6 |
* National Center for Ecological Analysis and Synthesis |
| ... | ... | |
| 259 | 259 |
} |
| 260 | 260 |
|
| 261 | 261 |
/** |
| 262 |
* Add permissions for a given prinicpal on a given document. If the
|
|
| 263 |
* prinicpal already exists, bitwise OR the permission to the existing
|
|
| 262 |
* Add permissions for a given principal on a given document. If the
|
|
| 263 |
* principal already exists, bitwise OR the permission to the existing
|
|
| 264 | 264 |
* permission and update. |
| 265 | 265 |
* |
| 266 | 266 |
* @param docId |
| ... | ... | |
| 310 | 310 |
} |
| 311 | 311 |
|
| 312 | 312 |
/** |
| 313 |
* Insert an xml access record |
|
| 313 |
* Set permissions for a given document. This means first removing all access control for the |
|
| 314 |
* document and then adding the given rules. |
|
| 315 |
* |
|
| 314 | 316 |
* @param docId |
| 315 | 317 |
* document id |
| 318 |
* @param xmlAccessList |
|
| 319 |
* list of xml access dao objects that hold new access for the document |
|
| 320 |
*/ |
|
| 321 |
public void setXMLAccess(String docId, Vector<XMLAccessDAO> xmlAccessList) throws AccessException {
|
|
| 322 |
deleteXMLAccessForDoc(docId); |
|
| 323 |
|
|
| 324 |
// if more than one record exists for this principal on this document with the same |
|
| 325 |
// access type / access order combination, call cleanup to combine common access and then |
|
| 326 |
// re-retrieve the access list. |
|
| 327 |
for(XMLAccessDAO xmlAccessDAO : xmlAccessList) {
|
|
| 328 |
insertXMLAccess(docId, xmlAccessDAO.getPrincipalName(), xmlAccessDAO.getPermission(), |
|
| 329 |
xmlAccessDAO.getPermType(), xmlAccessDAO.getPermOrder()); |
|
| 330 |
} |
|
| 331 |
} |
|
| 332 |
|
|
| 333 |
/** |
|
| 334 |
* Insert an xml access record. It is assumed that the checks have already been made to |
|
| 335 |
* make sure the principal does not already have an access record for this document. If |
|
| 336 |
* one does already exist, that record should be updated and this insert not called. |
|
| 337 |
* |
|
| 338 |
* @param docId |
|
| 339 |
* document id |
|
| 316 | 340 |
* @param principal |
| 317 | 341 |
* principal credentials |
| 318 | 342 |
* @param permission |
| ... | ... | |
| 389 | 413 |
} |
| 390 | 414 |
|
| 391 | 415 |
/** |
| 392 |
* Update existing xml access permissions in the db |
|
| 416 |
* Update existing xml access permissions in the db. The permission value should be the combined |
|
| 417 |
* value of pre-existing permissions plus new permissions. |
|
| 418 |
* |
|
| 393 | 419 |
* @param docId |
| 394 | 420 |
* document id |
| 395 | 421 |
* @param principalName |
| ... | ... | |
| 455 | 481 |
} |
| 456 | 482 |
|
| 457 | 483 |
/** |
| 458 |
* Delete xml access. This modifies the access in the database for a principal
|
|
| 484 |
* Remove xml access. This modifies the access in the database for a principal
|
|
| 459 | 485 |
* for a given document. If the provided permission is exactly the same as what |
| 460 |
* the principal has, the record is removed from the database. |
|
| 486 |
* the principal has, the record is deleted from the database. |
|
| 487 |
* |
|
| 461 | 488 |
* @param docId |
| 462 | 489 |
* document id |
| 463 | 490 |
* @param principalName |
| 464 | 491 |
* principal credentials |
| 465 | 492 |
*/ |
| 466 |
private void removeXMLAccessForPrincipal(String docId, String principalName, Long permission) throws AccessException {
|
|
| 493 |
public void removeXMLAccessForPrincipal(String docId, String principalName, Long permission) throws AccessException {
|
|
| 467 | 494 |
if (docId == null) {
|
| 468 | 495 |
throw new AccessException("XMLAccessAccess.removeXMLAccessForPrincipal - docid is required when " +
|
| 469 | 496 |
"removing XML access"); |
| ... | ... | |
| 504 | 531 |
} |
| 505 | 532 |
|
| 506 | 533 |
/** |
| 534 |
* Delete xml access. This removes all access records from the database for a given document |
|
| 535 |
* |
|
| 536 |
* @param docId |
|
| 537 |
* document id |
|
| 538 |
*/ |
|
| 539 |
private void deleteXMLAccessForDoc(String docId) throws AccessException {
|
|
| 540 |
if (docId == null) {
|
|
| 541 |
throw new AccessException("XMLAccessAccess.deleteXMLAccessForPrincipal - docid is required when " +
|
|
| 542 |
"deleting XML access record"); |
|
| 543 |
} |
|
| 544 |
|
|
| 545 |
PreparedStatement pstmt = null; |
|
| 546 |
DBConnection conn = null; |
|
| 547 |
int serialNumber = -1; |
|
| 548 |
try {
|
|
| 549 |
// check out DBConnection |
|
| 550 |
conn = DBConnectionPool.getDBConnection("XMLAccessAccess.deleteXMLAccessForDoc");
|
|
| 551 |
String sql = "DELETE FROM xml_access WHERE docid = ?"; |
|
| 552 |
pstmt = conn.prepareStatement(sql); |
|
| 553 |
|
|
| 554 |
// Bind the values to the query |
|
| 555 |
pstmt.setString(1, docId); |
|
| 556 |
|
|
| 557 |
String sqlReport = "XMLAccessAccess.deleteXMLAccessForDoc - SQL: " + sql; |
|
| 558 |
sqlReport += " [" + docId + "]"; |
|
| 559 |
|
|
| 560 |
logMetacat.info(sqlReport); |
|
| 561 |
|
|
| 562 |
pstmt.execute(); |
|
| 563 |
} catch (SQLException sqle) {
|
|
| 564 |
throw new AccessException("XMLAccessAccess.deleteXMLAccessForDoc - SQL error when deleting"
|
|
| 565 |
+ "xml access permissions for doc id: " + docId + ":" + sqle.getMessage()); |
|
| 566 |
} finally {
|
|
| 567 |
try {
|
|
| 568 |
if (pstmt != null) {
|
|
| 569 |
pstmt.close(); |
|
| 570 |
} |
|
| 571 |
} catch (SQLException sqle) {
|
|
| 572 |
logMetacat.error("XMLAccessAccess.deleteXMLAccessForDoc - SQL error when closing prepared " +
|
|
| 573 |
"statement after deleting xml access permissions for doc id: " + ":" + sqle.getMessage()); |
|
| 574 |
} finally {
|
|
| 575 |
DBConnectionPool.returnDBConnection(conn, serialNumber); |
|
| 576 |
} |
|
| 577 |
} |
|
| 578 |
} |
|
| 579 |
|
|
| 580 |
/** |
|
| 507 | 581 |
* Delete xml access. This removes all access records from the database for a principal |
| 508 | 582 |
* for a given document |
| 583 |
* |
|
| 509 | 584 |
* @param docId |
| 510 | 585 |
* document id |
| 511 | 586 |
* @param principal |
| ... | ... | |
| 628 | 703 |
} |
| 629 | 704 |
|
| 630 | 705 |
} |
| 631 |
|
|
| 706 |
|
|
| 707 |
/** |
|
| 708 |
* Make sure that only one record exists per principal/permType/document. If |
|
| 709 |
* more than one record exists, delete the existing records, consolidate the |
|
| 710 |
* permissions insert the new record. |
|
| 711 |
* |
|
| 712 |
* @param xmlAccessList |
|
| 713 |
* @throws AccessException |
|
| 714 |
*/ |
|
| 632 | 715 |
private void cleanupXMLAccessForPrincipal(Vector<XMLAccessDAO> xmlAccessList) throws AccessException{
|
| 633 | 716 |
|
| 634 |
long permissionMask = 0; |
|
| 717 |
int numAllowRecords = 0; |
|
| 718 |
int numDenyRecords = 0; |
|
| 719 |
long allowPermissionMask = 0; |
|
| 720 |
long denyPermissionMask = 0; |
|
| 635 | 721 |
String docId = null; |
| 636 | 722 |
String principalName = null; |
| 637 | 723 |
String permType = null; |
| 638 | 724 |
String permOrder = null; |
| 639 | 725 |
|
| 640 |
if (xmlAccessList.size() == 1) {
|
|
| 641 |
return; |
|
| 642 |
} |
|
| 643 | 726 |
|
| 644 | 727 |
// iterate through the list of access dao objects and bttwise or the permissions. Most |
| 645 | 728 |
// of this is just doing some error checking to make sure each record is valid. |
| ... | ... | |
| 689 | 772 |
"principalName " + principalName + ". Database intervention required "); |
| 690 | 773 |
} |
| 691 | 774 |
} |
| 692 |
permissionMask |= xmlAccessDAO.getPermission(); |
|
| 775 |
if (permType.equals(AccessControlInterface.ALLOW)) {
|
|
| 776 |
numAllowRecords++; |
|
| 777 |
allowPermissionMask |= xmlAccessDAO.getPermission(); |
|
| 778 |
} else if (permType.equals(AccessControlInterface.DENY)) {
|
|
| 779 |
numDenyRecords++; |
|
| 780 |
denyPermissionMask |= xmlAccessDAO.getPermission(); |
|
| 781 |
} |
|
| 693 | 782 |
} |
| 694 | 783 |
|
| 695 |
// remove all records for this user on this doc with this perm type and perm order |
|
| 696 |
// then insert a single record |
|
| 697 |
deleteXMLAccessForPrincipal(docId, principalName, permType, permOrder); |
|
| 698 |
insertXMLAccess(docId, principalName, permissionMask, permType, permOrder); |
|
| 784 |
// if there was more than one allow record, remove all allow records for this user on this doc |
|
| 785 |
// with this perm type and perm order then insert a single record |
|
| 786 |
if (numAllowRecords > 1) {
|
|
| 787 |
deleteXMLAccessForPrincipal(docId, principalName, AccessControlInterface.ALLOW, permOrder); |
|
| 788 |
insertXMLAccess(docId, principalName, allowPermissionMask, AccessControlInterface.ALLOW, permOrder); |
|
| 789 |
} |
|
| 790 |
// if there was more than one deny record, remove all deny records for this user on this doc |
|
| 791 |
// with this perm type and perm order then insert a single record |
|
| 792 |
if (numDenyRecords > 1) {
|
|
| 793 |
deleteXMLAccessForPrincipal(docId, principalName, AccessControlInterface.DENY, permOrder); |
|
| 794 |
insertXMLAccess(docId, principalName, denyPermissionMask, AccessControlInterface.DENY, permOrder); |
|
| 795 |
} |
|
| 699 | 796 |
} |
| 700 | 797 |
|
| 798 |
/** |
|
| 799 |
* |
|
| 800 |
* @param xmlAccessList |
|
| 801 |
* @throws PermOrderException |
|
| 802 |
*/ |
|
| 701 | 803 |
private void validateDocXMLAccessList(Vector<XMLAccessDAO> xmlAccessList) throws PermOrderException {
|
| 702 | 804 |
String permOrder = null; |
| 703 | 805 |
for(XMLAccessDAO xmlAccessDAO : xmlAccessList) {
|
| ... | ... | |
| 769 | 871 |
". Database intervention required "); |
| 770 | 872 |
} |
| 771 | 873 |
} |
| 772 |
|
|
| 773 |
/** |
|
| 774 |
* Check if the given list of XML access DAOs has redundant access. This occurs if there is |
|
| 775 |
* more than one instance of any combination of access type and access order. Note that we |
|
| 776 |
* assume that the list contains access records for one principal on one document. |
|
| 777 |
* @param xmlAccessList |
|
| 778 |
* @return |
|
| 779 |
* @throws AccessException |
|
| 780 |
*/ |
|
| 781 |
private boolean hasRedundantPrincipalAccess(Vector<XMLAccessDAO> xmlAccessList) throws AccessException {
|
|
| 782 |
|
|
| 783 |
// These will hold counts of all combinations of access DAOs with different permission |
|
| 784 |
// orders and permission types. |
|
| 785 |
int allowFirstAllows = 0; |
|
| 786 |
int allowFirstDenys = 0; |
|
| 787 |
int denyFirstAllows = 0; |
|
| 788 |
int denyFirstDenys = 0; |
|
| 789 |
|
|
| 790 |
for(XMLAccessDAO xmlAccessDAO : xmlAccessList) {
|
|
| 791 |
if (xmlAccessDAO.getPermOrder().equals(AccessControlInterface.ALLOWFIRST)) {
|
|
| 792 |
if (xmlAccessDAO.getPermType().equals(AccessControlInterface.ALLOW)) {
|
|
| 793 |
allowFirstAllows++; |
|
| 794 |
} else if (xmlAccessDAO.getPermType().equals(AccessControlInterface.DENY)) {
|
|
| 795 |
allowFirstDenys++; |
|
| 796 |
} else {
|
|
| 797 |
throw new AccessException("XMLAccessAccess.validatePrincipalXMLAccessList - " +
|
|
| 798 |
"Invalid permission type: "+ xmlAccessDAO.getPermType() + " for document " + |
|
| 799 |
xmlAccessDAO.getDocId() + ". Database intervention required "); |
|
| 800 |
} |
|
| 801 |
} else if (xmlAccessDAO.getPermOrder().equals(AccessControlInterface.DENYFIRST)) {
|
|
| 802 |
if (xmlAccessDAO.getPermType().equals(AccessControlInterface.ALLOW)) {
|
|
| 803 |
denyFirstAllows++; |
|
| 804 |
} else if (xmlAccessDAO.getPermType().equals(AccessControlInterface.DENY)) {
|
|
| 805 |
denyFirstDenys++; |
|
| 806 |
} else {
|
|
| 807 |
throw new AccessException("XMLAccessAccess.validatePrincipalXMLAccessList - " +
|
|
| 808 |
"Invalid permission type: " + xmlAccessDAO.getPermType() + " for document "+ |
|
| 809 |
xmlAccessDAO.getDocId() + ". Database intervention required "); |
|
| 810 |
} |
|
| 811 |
} |
|
| 812 |
} |
|
| 813 |
return (allowFirstAllows > 1) || (allowFirstDenys > 1) || (denyFirstAllows > 1) |
|
| 814 |
|| (denyFirstDenys > 1); |
|
| 815 |
} |
|
| 816 | 874 |
|
| 817 | 875 |
/** |
| 818 | 876 |
* Populate a job data object with the current row in a resultset |
| src/edu/ucsb/nceas/metacat/accesscontrol/XMLAccessDAO.java | ||
|---|---|---|
| 57 | 57 |
} |
| 58 | 58 |
|
| 59 | 59 |
public void setDocId(String docId) {
|
| 60 |
_docId = docId; |
|
| 60 |
if (docId != null && docId.equals("")) {
|
|
| 61 |
docId = null; |
|
| 62 |
} else {
|
|
| 63 |
_docId = docId; |
|
| 64 |
} |
|
| 61 | 65 |
} |
| 62 | 66 |
|
| 63 | 67 |
public String getAccessFileId() {
|
| ... | ... | |
| 65 | 69 |
} |
| 66 | 70 |
|
| 67 | 71 |
public void setAccessFileId(String accessFileId) {
|
| 68 |
_accessFileId = accessFileId; |
|
| 72 |
if(accessFileId != null && accessFileId.equals("")) {
|
|
| 73 |
_accessFileId = null; |
|
| 74 |
} else {
|
|
| 75 |
_accessFileId = accessFileId; |
|
| 76 |
} |
|
| 69 | 77 |
} |
| 70 | 78 |
|
| 71 | 79 |
public String getPrincipalName() {
|
| ... | ... | |
| 73 | 81 |
} |
| 74 | 82 |
|
| 75 | 83 |
public void setPrincipalName(String principalName) {
|
| 76 |
_principalName = principalName; |
|
| 84 |
if (principalName != null && principalName.equals("")) {
|
|
| 85 |
_principalName = null; |
|
| 86 |
} else {
|
|
| 87 |
_principalName = principalName; |
|
| 88 |
} |
|
| 77 | 89 |
} |
| 78 | 90 |
|
| 79 | 91 |
public Long getPermission() {
|
| ... | ... | |
| 89 | 101 |
} |
| 90 | 102 |
|
| 91 | 103 |
public void setPermType(String permType) {
|
| 92 |
_permType = permType; |
|
| 104 |
if (permType != null && permType.equals("")) {
|
|
| 105 |
_permType = null; |
|
| 106 |
} else {
|
|
| 107 |
_permType = permType; |
|
| 108 |
} |
|
| 93 | 109 |
} |
| 94 | 110 |
|
| 95 | 111 |
public String getPermOrder() {
|
| ... | ... | |
| 97 | 113 |
} |
| 98 | 114 |
|
| 99 | 115 |
public void setPermOrder(String permOrder) {
|
| 100 |
_permOrder = permOrder; |
|
| 116 |
if (permOrder != null && permOrder.equals("")) {
|
|
| 117 |
_permOrder = null; |
|
| 118 |
} else {
|
|
| 119 |
_permOrder = permOrder; |
|
| 120 |
} |
|
| 101 | 121 |
} |
| 102 | 122 |
|
| 103 | 123 |
public Date getBeginTime() {
|
| ... | ... | |
| 129 | 149 |
} |
| 130 | 150 |
|
| 131 | 151 |
public void setSubTreeId(String subTreeId) {
|
| 132 |
_subTreeId = subTreeId; |
|
| 152 |
if (subTreeId != null && subTreeId.equals("")) {
|
|
| 153 |
_subTreeId = null; |
|
| 154 |
} else {
|
|
| 155 |
_subTreeId = subTreeId; |
|
| 156 |
} |
|
| 133 | 157 |
} |
| 134 | 158 |
|
| 135 | 159 |
public String getStartNodeId() {
|
| ... | ... | |
| 137 | 161 |
} |
| 138 | 162 |
|
| 139 | 163 |
public void setStartNodeId(String startNodeId) {
|
| 140 |
_startNodeId = startNodeId; |
|
| 164 |
if (startNodeId != null && startNodeId.equals("")) {
|
|
| 165 |
_startNodeId = null; |
|
| 166 |
} else {
|
|
| 167 |
_startNodeId = startNodeId; |
|
| 168 |
} |
|
| 141 | 169 |
} |
| 142 | 170 |
|
| 143 | 171 |
public String getEndNodeId() {
|
| ... | ... | |
| 145 | 173 |
} |
| 146 | 174 |
|
| 147 | 175 |
public void setEndNodeId(String endNodeId) {
|
| 148 |
_endNodeId = endNodeId; |
|
| 176 |
if (endNodeId != null && endNodeId.equals("")) {
|
|
| 177 |
endNodeId = null; |
|
| 178 |
} else {
|
|
| 179 |
_endNodeId = endNodeId; |
|
| 180 |
} |
|
| 149 | 181 |
} |
| 150 | 182 |
|
| 151 | 183 |
} |
| src/edu/ucsb/nceas/metacat/accesscontrol/AccessControlForSingleFile.java | ||
|---|---|---|
| 27 | 27 |
|
| 28 | 28 |
package edu.ucsb.nceas.metacat.accesscontrol; |
| 29 | 29 |
|
| 30 |
import java.sql.*; |
|
| 30 |
import java.io.IOException; |
|
| 31 |
import java.io.StringReader; |
|
| 32 |
import java.sql.PreparedStatement; |
|
| 33 |
import java.sql.ResultSet; |
|
| 34 |
import java.sql.SQLException; |
|
| 35 |
import java.util.Vector; |
|
| 31 | 36 |
|
| 32 | 37 |
import org.apache.log4j.Logger; |
| 38 |
import org.xml.sax.ContentHandler; |
|
| 39 |
import org.xml.sax.ErrorHandler; |
|
| 40 |
import org.xml.sax.InputSource; |
|
| 41 |
import org.xml.sax.SAXException; |
|
| 42 |
import org.xml.sax.XMLReader; |
|
| 43 |
import org.xml.sax.helpers.XMLReaderFactory; |
|
| 33 | 44 |
|
| 45 |
import edu.ucsb.nceas.metacat.DocInfoHandler; |
|
| 46 |
import edu.ucsb.nceas.metacat.DocumentImpl; |
|
| 47 |
import edu.ucsb.nceas.metacat.McdbException; |
|
| 48 |
import edu.ucsb.nceas.metacat.PermissionController; |
|
| 34 | 49 |
import edu.ucsb.nceas.metacat.database.DBConnection; |
| 35 | 50 |
import edu.ucsb.nceas.metacat.database.DBConnectionPool; |
| 51 |
import edu.ucsb.nceas.metacat.properties.PropertyService; |
|
| 36 | 52 |
import edu.ucsb.nceas.metacat.shared.AccessException; |
| 37 | 53 |
import edu.ucsb.nceas.metacat.util.DocumentUtil; |
| 54 |
import edu.ucsb.nceas.utilities.PropertyNotFoundException; |
|
| 38 | 55 |
|
| 39 | 56 |
|
| 40 | 57 |
/** |
| ... | ... | |
| 45 | 62 |
public class AccessControlForSingleFile implements AccessControlInterface |
| 46 | 63 |
{
|
| 47 | 64 |
|
| 48 |
|
|
| 49 |
|
|
| 50 | 65 |
private String docId; |
| 51 |
private String principal; |
|
| 52 |
private int permission; |
|
| 53 |
private String permType; |
|
| 54 |
private String permOrder; |
|
| 55 | 66 |
private Logger logMetacat = Logger.getLogger(AccessControlForSingleFile.class); |
| 56 | 67 |
|
| 57 | 68 |
|
| 58 | 69 |
/** |
| 59 | 70 |
* Construct an instance of the AccessControlForSingleFile class. |
| 60 | 71 |
* @param myAccessNumber the docid or docid with dev will be controlled |
| 61 |
* @param myprincipal the principal will have permission |
|
| 62 |
* @param myPermission the permission will be given |
|
| 63 |
* @param myPermType the permsission type, allow or deny |
|
| 64 |
* @param myPermOrder the permission order, allowFirst or denyFirst |
|
| 65 | 72 |
*/ |
| 66 |
public AccessControlForSingleFile(String myAccessionNumber, |
|
| 67 |
String myPrincipalName, |
|
| 68 |
String myPermission, |
|
| 69 |
String myPermType, |
|
| 70 |
String myPermOrder) |
|
| 71 |
throws Exception |
|
| 73 |
public AccessControlForSingleFile(String accessionNumber) throws AccessControlException |
|
| 72 | 74 |
{
|
| 73 |
try |
|
| 74 |
{
|
|
| 75 | 75 |
//Get rid of dev if myaccessNumber has one; |
| 76 |
docId = DocumentUtil.getDocIdFromString(myAccessionNumber);
|
|
| 76 |
docId = DocumentUtil.getDocIdFromString(accessionNumber);
|
|
| 77 | 77 |
if (docId == null || docId.equals(""))
|
| 78 | 78 |
{
|
| 79 |
throw new Exception("Docid couldn't be null");
|
|
| 79 |
throw new AccessControlException("AccessControlForSingleFile() - Accession number " +
|
|
| 80 |
"can't be null in constructor"); |
|
| 80 | 81 |
} |
| 81 |
// Check principal |
|
| 82 |
principal = myPrincipalName; |
|
| 83 |
if (principal == null || principal.equals(""))
|
|
| 84 |
{
|
|
| 85 |
throw new Exception("principal couldn't be null");
|
|
| 86 |
} |
|
| 87 |
// get permission value |
|
| 88 |
permission = AccessControlList.intValue(myPermission); |
|
| 89 |
if (permission == -1) |
|
| 90 |
{
|
|
| 91 |
throw new Exception("permission "+ myPermission + " is not valid");
|
|
| 92 |
} |
|
| 93 |
// check permission type |
|
| 94 |
permType = myPermType; |
|
| 95 |
// if permtype is not allow or deny, throw a exception |
|
| 96 |
if (permType == null |
|
| 97 |
|| (!permType.equals(AccessControlInterface.ALLOW) |
|
| 98 |
&& !permType.equals(AccessControlInterface.DENY))) |
|
| 99 |
{
|
|
| 100 |
throw new Exception("permtype should be "+AccessControlInterface.ALLOW+
|
|
| 101 |
" or " +AccessControlInterface.DENY); |
|
| 102 |
} |
|
| 103 |
// check permission order |
|
| 104 |
permOrder = myPermOrder; |
|
| 105 | 82 |
|
| 106 |
// If permission order is not allowFirst or denyFirst, default to denyFirst. |
|
| 107 |
if (permOrder == null || !permOrder.equals(AccessControlInterface.DENYFIRST)) {
|
|
| 108 |
permOrder = AccessControlInterface.ALLOWFIRST; |
|
| 109 |
} |
|
| 110 |
|
|
| 111 |
//debugMessage |
|
| 112 |
logMetacat.info("docid in AccessControlForSingleFiel: " +
|
|
| 113 |
docId); |
|
| 114 |
logMetacat.info("principal in AccessControlForSingleFiel: " +
|
|
| 115 |
principal); |
|
| 116 |
logMetacat.info("permission in AccessControlForSingleFiel: " +
|
|
| 117 |
permission); |
|
| 118 |
logMetacat.info("permType in AccessControlForSingleFiel: " +
|
|
| 119 |
permType); |
|
| 120 |
logMetacat.info("permOrder in AccessControlForSingleFiel: " +
|
|
| 121 |
permOrder); |
|
| 122 |
} |
|
| 123 |
catch (Exception e) |
|
| 124 |
{
|
|
| 125 |
logMetacat.error("Error in construct of AccessControlForSingle" +
|
|
| 126 |
"File for docid: " + docId + " : " + e.getMessage()); |
|
| 127 |
throw e; |
|
| 128 |
} |
|
| 83 |
logMetacat.debug("AccessControlForSingleFile() - docid: " + docId);
|
|
| 84 |
|
|
| 129 | 85 |
} |
| 130 | 86 |
|
| 87 |
/** |
|
| 88 |
* Insert a single access record into the database based on access DAO |
|
| 89 |
* object |
|
| 90 |
* |
|
| 91 |
* @param xmlAccessDAO |
|
| 92 |
* dao object holding info to insert |
|
| 93 |
*/ |
|
| 94 |
public void insertPermissions(XMLAccessDAO xmlAccessDAO) throws AccessControlException{
|
|
| 95 |
insertPermissions(xmlAccessDAO.getPrincipalName(), xmlAccessDAO.getPermission(), |
|
| 96 |
xmlAccessDAO.getPermType(), xmlAccessDAO.getPermOrder()); |
|
| 97 |
} |
|
| 131 | 98 |
|
| 132 |
|
|
| 133 |
|
|
| 134 |
|
|
| 135 |
|
|
| 136 |
|
|
| 137 |
/**
|
|
| 138 |
* Method to insert records into xml_access table
|
|
| 139 |
*/
|
|
| 140 |
|
|
| 141 |
public void insertPermissions() throws AccessControlException {
|
|
| 99 |
/** |
|
| 100 |
* Insert a single access record into the database. |
|
| 101 |
* |
|
| 102 |
* @param principalName |
|
| 103 |
* @param permission |
|
| 104 |
* @param permType
|
|
| 105 |
* @param permOrder
|
|
| 106 |
* @throws AccessControlException
|
|
| 107 |
*/ |
|
| 108 |
public void insertPermissions(String principalName, Long permission, String permType, String permOrder) throws AccessControlException {
|
|
| 142 | 109 |
try {
|
| 143 | 110 |
// The addXMLAccess method will create the permission record if it does not exist. |
| 144 | 111 |
// It will bitwise OR to permissions if the principal already has a record for this |
| 145 | 112 |
// doc id. |
| 146 | 113 |
XMLAccessAccess xmlAccessAccess = new XMLAccessAccess(); |
| 147 |
xmlAccessAccess.addXMLAccess(docId, principal, new Long(permission), permType, permOrder); |
|
| 114 |
xmlAccessAccess.addXMLAccess(docId, principalName, new Long(permission), permType, permOrder);
|
|
| 148 | 115 |
} catch (AccessException ae) {
|
| 149 | 116 |
throw new AccessControlException("AccessControlForSingleFile.insertPermissions - "
|
| 150 | 117 |
+ "DB access error when inserting permissions: " + ae.getMessage()); |
| 151 | 118 |
} |
| 152 | 119 |
} |
| 153 | 120 |
|
| 154 |
/** |
|
| 121 |
/** |
|
| 122 |
* Replace existing permissions with a given block of permissions for this |
|
| 123 |
* document. |
|
| 155 | 124 |
* |
| 125 |
* @param accessBlock |
|
| 126 |
* the xml access block. This is the same structure as that |
|
| 127 |
* returned by the getdocumentinfo action in metacat. |
|
| 128 |
*/ |
|
| 129 |
public void insertPermissions(String accessBlock) throws AccessControlException {
|
|
| 130 |
try {
|
|
| 131 |
XMLReader parser = null; |
|
| 132 |
DocInfoHandler docInfoHandler = new DocInfoHandler(); |
|
| 133 |
ContentHandler chandler = docInfoHandler; |
|
| 134 |
|
|
| 135 |
// Get an instance of the parser |
|
| 136 |
String parserName = PropertyService.getProperty("xml.saxparser");
|
|
| 137 |
parser = XMLReaderFactory.createXMLReader(parserName); |
|
| 138 |
|
|
| 139 |
// Turn off validation |
|
| 140 |
parser.setFeature("http://xml.org/sax/features/validation", false);
|
|
| 141 |
parser.setContentHandler((ContentHandler)chandler); |
|
| 142 |
parser.setErrorHandler((ErrorHandler)chandler); |
|
| 143 |
|
|
| 144 |
parser.parse(new InputSource(new StringReader(accessBlock))); |
|
| 145 |
|
|
| 146 |
Vector<XMLAccessDAO> accessControlList = docInfoHandler.getAccessControlList(); |
|
| 147 |
if (accessControlList != null) {
|
|
| 148 |
for (XMLAccessDAO xmlAccessDAO : accessControlList) {
|
|
| 149 |
insertPermissions(xmlAccessDAO); |
|
| 150 |
logMetacat.debug("AccessControlForSingleFile.insertPermissions - document " + docId
|
|
| 151 |
+ " permissions added to DB"); |
|
| 152 |
} |
|
| 153 |
} |
|
| 154 |
} catch (PropertyNotFoundException pnfe) {
|
|
| 155 |
throw new AccessControlException("AccessControlForSingleFile.insertPermissions - "
|
|
| 156 |
+ "property error when inserting permissions: " + pnfe.getMessage()); |
|
| 157 |
} catch (SAXException se) {
|
|
| 158 |
throw new AccessControlException("AccessControlForSingleFile.insertPermissions - "
|
|
| 159 |
+ "SAX error when inserting permissions: " + se.getMessage()); |
|
| 160 |
} catch(IOException ioe) {
|
|
| 161 |
throw new AccessControlException("AccessControlForSingleFile.insertPermissions - "
|
|
| 162 |
+ "I/O error when inserting permissions: " + ioe.getMessage()); |
|
| 163 |
} |
|
| 164 |
} |
|
| 165 |
|
|
| 166 |
/** |
|
| 167 |
* |
|
| 156 | 168 |
* @return true if the Access Control for this file already exists in the DB |
| 157 | 169 |
* @throws SQLException |
| 158 | 170 |
*/ |
| 159 |
public boolean accessControlExists() throws SQLException |
|
| 160 |
{
|
|
| 161 |
boolean exists = false; |
|
| 162 |
PreparedStatement pstmt = null; |
|
| 163 |
DBConnection conn = null; |
|
| 164 |
int serialNumber = -1; |
|
| 165 |
try |
|
| 166 |
{
|
|
| 167 |
//check out DBConnection |
|
| 168 |
conn=DBConnectionPool.getDBConnection |
|
| 171 |
public boolean accessControlExists(XMLAccessDAO xmlAccessDAO) throws AccessControlException {
|
|
| 172 |
boolean exists = false; |
|
| 173 |
PreparedStatement pstmt = null; |
|
| 174 |
DBConnection conn = null; |
|
| 175 |
int serialNumber = -1; |
|
| 176 |
try {
|
|
| 177 |
//check out DBConnection |
|
| 178 |
conn=DBConnectionPool.getDBConnection |
|
| 169 | 179 |
("AccessControlForSingleFiel.accessControlExists");
|
| 170 |
serialNumber=conn.getCheckOutSerialNumber();
|
|
| 171 |
pstmt = conn.prepareStatement(
|
|
| 172 |
"SELECT * FROM xml_access " +
|
|
| 173 |
"WHERE docid = ? " +
|
|
| 174 |
"AND principal_name = ? " +
|
|
| 175 |
"AND permission = ? " +
|
|
| 176 |
"AND perm_type = ? " +
|
|
| 177 |
"AND perm_order =? ");
|
|
| 180 |
serialNumber=conn.getCheckOutSerialNumber();
|
|
| 181 |
pstmt = conn.prepareStatement(
|
|
| 182 |
"SELECT * FROM xml_access " +
|
|
| 183 |
"WHERE docid = ? " +
|
|
| 184 |
"AND principal_name = ? " +
|
|
| 185 |
"AND permission = ? " +
|
|
| 186 |
"AND perm_type = ? " +
|
|
| 187 |
"AND perm_order =? ");
|
|
| 178 | 188 |
|
| 179 |
// Bind the values to the query
|
|
| 180 |
pstmt.setString(1, docId);
|
|
| 181 |
pstmt.setString(2, principal);
|
|
| 182 |
pstmt.setInt(3, permission);
|
|
| 183 |
pstmt.setString(4, permType);
|
|
| 184 |
pstmt.setString(5, permOrder);
|
|
| 189 |
// Bind the values to the query
|
|
| 190 |
pstmt.setString(1, docId);
|
|
| 191 |
pstmt.setString(2, xmlAccessDAO.getPrincipalName());
|
|
| 192 |
pstmt.setLong(3, xmlAccessDAO.getPermission());
|
|
| 193 |
pstmt.setString(4, xmlAccessDAO.getPermType());
|
|
| 194 |
pstmt.setString(5, xmlAccessDAO.getPermOrder());
|
|
| 185 | 195 |
|
| 186 |
pstmt.execute();
|
|
| 187 |
ResultSet rs = pstmt.getResultSet();
|
|
| 188 |
exists = rs.next();
|
|
| 196 |
pstmt.execute();
|
|
| 197 |
ResultSet rs = pstmt.getResultSet();
|
|
| 198 |
exists = rs.next();
|
|
| 189 | 199 |
|
| 190 |
}//try |
|
| 191 |
catch (SQLException e) |
|
| 192 |
{
|
|
| 193 |
logMetacat.error("Error in AccessControlForSingleFile.accessControlExists: "
|
|
| 194 |
+ e.getMessage()); |
|
| 195 |
throw e; |
|
| 196 |
} |
|
| 197 |
finally |
|
| 198 |
{
|
|
| 199 |
try |
|
| 200 |
{
|
|
| 201 |
pstmt.close(); |
|
| 202 |
} |
|
| 203 |
finally |
|
| 204 |
{
|
|
| 205 |
DBConnectionPool.returnDBConnection(conn, serialNumber); |
|
| 206 |
} |
|
| 207 |
} |
|
| 200 |
} catch (SQLException sqle){
|
|
| 201 |
throw new AccessControlException("AccessControlForSingleFile.accessControlExists - SQL error when " +
|
|
| 202 |
"checking if access control exists: " + sqle.getMessage()); |
|
| 203 |
} finally {
|
|
| 204 |
try {
|
|
| 205 |
if(pstmt != null) {
|
|
| 206 |
pstmt.close(); |
|
| 207 |
} |
|
| 208 |
} catch (SQLException sqle) {
|
|
| 209 |
logMetacat.error("AccessControlForSingleFile.accessControlExists - Could not close " +
|
|
| 210 |
"prepared statement: " +sqle.getMessage()); |
|
| 211 |
} finally {
|
|
| 212 |
DBConnectionPool.returnDBConnection(conn, serialNumber); |
|
| 213 |
} |
|
| 214 |
} |
|
| 208 | 215 |
|
| 209 |
return exists; |
|
| 210 |
|
|
| 211 |
} |
|
| 216 |
return exists; |
|
| 217 |
} |
|
| 212 | 218 |
|
| 213 |
public String getAccessString() {
|
|
| 214 |
StringBuffer sb = new StringBuffer(); |
|
| 215 |
sb.append("<access>");
|
|
| 216 |
|
|
| 217 |
sb.append("<permOrder>");
|
|
| 218 |
sb.append(this.permOrder); |
|
| 219 |
sb.append("</permOrder>");
|
|
| 220 |
|
|
| 221 |
sb.append("<permType>");
|
|
| 222 |
sb.append(this.permType); |
|
| 223 |
sb.append("</permType>");
|
|
| 224 |
|
|
| 225 |
sb.append("<permission>");
|
|
| 226 |
sb.append(AccessControlList.txtValue(this.permission)); |
|
| 227 |
sb.append("</permission>");
|
|
| 228 |
|
|
| 229 |
sb.append("<principal>");
|
|
| 230 |
sb.append(this.principal); |
|
| 231 |
sb.append("</principal>");
|
|
| 219 |
/** |
|
| 220 |
* Get Access Control List information for document from db connetion. User |
|
| 221 |
* or Group should have permissions for reading access control information |
|
| 222 |
* for a document specified by |
|
| 223 |
* |
|
| 224 |
* @docid. |
|
| 225 |
* @param docid |
|
| 226 |
* document identifier which acl info to get |
|
| 227 |
* @param user |
|
| 228 |
* name of user connected to Metacat system |
|
| 229 |
* @param groups |
|
| 230 |
* names of user's groups to which user belongs |
|
| 231 |
*/ |
|
| 232 |
public String getACL(String user, String[] groups, boolean emlCompliant) |
|
| 233 |
throws AccessControlException {
|
|
| 234 |
StringBuffer output = new StringBuffer(); |
|
| 235 |
boolean hasPermission = false; |
|
| 232 | 236 |
|
| 233 |
sb.append("</access>");
|
|
| 234 |
|
|
| 235 |
return sb.toString(); |
|
| 236 |
|
|
| 237 |
} |
|
| 237 |
try {
|
|
| 238 |
// Get a list of all access dao objects for this docid |
|
| 239 |
XMLAccessAccess xmlAccessAccess = new XMLAccessAccess(); |
|
| 240 |
Vector<XMLAccessDAO> xmlAccessDAOList = xmlAccessAccess.getXMLAccessForDoc(docId); |
|
| 241 |
|
|
| 242 |
hasPermission = isOwned(docId, user); |
|
| 243 |
if (!hasPermission) {
|
|
| 244 |
PermissionController controller = new PermissionController(docId); |
|
| 245 |
hasPermission = |
|
| 246 |
controller.hasPermission(user, groups, READSTRING); |
|
| 247 |
} |
|
| 238 | 248 |
|
| 249 |
if (hasPermission) {
|
|
| 250 |
output.append(getAccessString(xmlAccessDAOList, emlCompliant)); |
|
| 251 |
} |
|
| 239 | 252 |
|
| 253 |
return output.toString(); |
|
| 254 |
|
|
| 255 |
} catch (SQLException sqle) {
|
|
| 256 |
throw new AccessControlException("AccessControlForSingleFile.getACL() - SQL error when " +
|
|
| 257 |
"getting ACL: " + sqle.getMessage()); |
|
| 258 |
} catch (AccessException ae) {
|
|
| 259 |
throw new AccessControlException("AccessControlForSingleFile.getACL() - DB access error when " +
|
|
| 260 |
"getting ACL: " + ae.getMessage()); |
|
| 261 |
} catch (McdbException mcdb) {
|
|
| 262 |
throw new AccessControlException("AccessControlForSingleFile.getACL() - MCDB error when " +
|
|
| 263 |
"getting ACL: " + mcdb.getMessage()); |
|
| 264 |
} |
|
| 265 |
} |
|
| 266 |
|
|
| 267 |
public String getAccessString() throws AccessControlException {
|
|
| 268 |
Vector<XMLAccessDAO> xmlAccessDAOList = null; |
|
| 269 |
|
|
| 270 |
try {
|
|
| 271 |
// Get a list of all access dao objects for this docid |
|
| 272 |
XMLAccessAccess xmlAccessAccess = new XMLAccessAccess(); |
|
| 273 |
xmlAccessDAOList = xmlAccessAccess.getXMLAccessForDoc(docId); |
|
| 274 |
} catch (AccessException ae) {
|
|
| 275 |
throw new AccessControlException("AccessControlForSingleFile.getAccessString() - DB access error when " +
|
|
| 276 |
"getting access string: " + ae.getMessage()); |
|
| 277 |
} |
|
| 278 |
|
|
| 279 |
return getAccessString(xmlAccessDAOList, false); |
|
| 280 |
} |
|
| 281 |
|
|
| 282 |
public String getAccessString(Vector<XMLAccessDAO> xmlAccessDAOList, boolean emlCompliant) throws AccessControlException {
|
|
| 283 |
|
|
| 284 |
StringBuffer output = new StringBuffer(); |
|
| 285 |
StringBuffer tmpOutput = new StringBuffer(); |
|
| 286 |
StringBuffer allowOutput = new StringBuffer(); |
|
| 287 |
StringBuffer denyOutput = new StringBuffer(); |
|
| 288 |
|
|
| 289 |
String principal = null; |
|
| 290 |
int permission = -1; |
|
| 291 |
String permOrder = ALLOWFIRST; |
|
| 292 |
String permType = null; |
|
| 293 |
|
|
| 294 |
// We assume that all the records will have the same permission order, so we can just |
|
| 295 |
// grab the perm order from the first one. |
|
| 296 |
if (xmlAccessDAOList.size() > 0) {
|
|
| 297 |
permOrder = xmlAccessDAOList.get(0).getPermOrder(); |
|
| 298 |
} |
|
| 299 |
|
|
| 300 |
if (emlCompliant) {
|
|
| 301 |
output.append("<?xml version=\"1.0\"?>\n<acc:access");
|
|
| 302 |
} else {
|
|
| 303 |
output.append("<access ");
|
|
| 304 |
} |
|
| 305 |
|
|
| 306 |
output.append(" authSystem=\"knb\" order=\"" + permOrder + "\" id=\"" + docId + "\" scope=\"document\"");
|
|
| 307 |
|
|
| 308 |
if (emlCompliant) {
|
|
| 309 |
output.append(" xmlns:acc=\"" + DocumentImpl.EML2_1_0NAMESPACE + "\"");
|
|
| 310 |
} |
|
| 311 |
|
|
| 312 |
output.append(">\n");
|
|
| 313 |
|
|
| 314 |
if (xmlAccessDAOList.size() > 0) {
|
|
| 315 |
// Since there should only be one permission order allowed per document, |
|
| 316 |
// we can just grab the order off of the first xml access dao object |
|
| 317 |
permOrder = xmlAccessDAOList.get(0).getPermOrder(); |
|
| 318 |
} |
|
| 319 |
|
|
| 320 |
for (XMLAccessDAO xmlAccessDAO : xmlAccessDAOList) {
|
|
| 321 |
principal = xmlAccessDAO.getPrincipalName(); |
|
| 322 |
permission = xmlAccessDAO.getPermission().intValue(); |
|
| 323 |
permType = xmlAccessDAO.getPermType(); |
|
| 324 |
|
|
| 325 |
tmpOutput.append(" <" + permType + ">\n");
|
|
| 326 |
tmpOutput.append(" <principal>" + principal + "</principal>\n");
|
|
| 327 |
|
|
| 328 |
if ((permission & READ) == READ) {
|
|
| 329 |
tmpOutput.append(" <permission>read</permission>\n");
|
|
| 330 |
} |
|
| 331 |
if ((permission & WRITE) == WRITE) {
|
|
| 332 |
tmpOutput.append(" <permission>write</permission>\n");
|
|
| 333 |
} |
|
| 334 |
if ((permission & ALL) == ALL) {
|
|
| 335 |
tmpOutput.append(" <permission>all</permission>\n");
|
|
| 336 |
} |
|
| 337 |
if ((permission & CHMOD) == CHMOD) {
|
|
| 338 |
tmpOutput.append(" <permission>chmod</permission>\n");
|
|
| 339 |
} |
|
| 340 |
|
|
| 341 |
tmpOutput.append(" </" + permType + ">\n");
|
|
| 342 |
|
|
| 343 |
if (permType.equals(ALLOW)) {
|
|
| 344 |
allowOutput.append(tmpOutput); |
|
| 345 |
} else if (permType.equals(DENY)) {
|
|
| 346 |
denyOutput.append(tmpOutput); |
|
| 347 |
} |
|
| 348 |
tmpOutput = new StringBuffer(); |
|
| 349 |
} |
|
| 350 |
|
|
| 351 |
// This just orders the allow/deny sections based on the permOrder. Not |
|
| 352 |
// required, but convenient later when parsing the output. |
|
| 353 |
if (permOrder.equals(ALLOWFIRST)) {
|
|
| 354 |
output.append(allowOutput); |
|
| 355 |
output.append(denyOutput); |
|
| 356 |
} else if (permOrder.equals(DENYFIRST)) {
|
|
| 357 |
output.append(denyOutput); |
|
| 358 |
output.append(allowOutput); |
|
| 359 |
} |
|
| 360 |
|
|
| 361 |
if (emlCompliant) {
|
|
| 362 |
output.append("</acc:access>");
|
|
| 363 |
} else {
|
|
| 364 |
output.append("</access>");
|
|
| 365 |
} |
|
| 366 |
|
|
| 367 |
return output.toString(); |
|
| 368 |
} |
|
| 369 |
|
|
| 370 |
/* Check if @user is owner of @docid from db conn. */ |
|
| 371 |
private boolean isOwned(String docid, String user) throws SQLException {
|
|
| 372 |
PreparedStatement pstmt = null; |
|
| 373 |
DBConnection conn = null; |
|
| 374 |
int serialNumber = -1; |
|
| 375 |
try {
|
|
| 376 |
// check out DBConnection |
|
| 377 |
conn = DBConnectionPool.getDBConnection("AccessControlList.isOwned");
|
|
| 378 |
serialNumber = conn.getCheckOutSerialNumber(); |
|
| 379 |
pstmt = conn.prepareStatement("SELECT 'x' FROM xml_documents "
|
|
| 380 |
+ "WHERE docid = ? " + "AND user_owner = ?"); |
|
| 381 |
pstmt.setString(1, docid); |
|
| 382 |
pstmt.setString(2, user); |
|
| 383 |
pstmt.execute(); |
|
| 384 |
ResultSet rs = pstmt.getResultSet(); |
|
| 385 |
boolean hasRow = rs.next(); |
|
| 386 |
return hasRow; |
|
| 387 |
} finally {
|
|
| 388 |
try {
|
|
| 389 |
if (pstmt != null) {
|
|
| 390 |
pstmt.close(); |
|
| 391 |
} |
|
| 392 |
} finally {
|
|
| 393 |
DBConnectionPool.returnDBConnection(conn, serialNumber); |
|
| 394 |
} |
|
| 395 |
} |
|
| 396 |
} |
|
| 397 |
|
|
| 398 |
|
|
| 399 |
|
|
| 400 |
// public String getAccessString() throws AccessControlException {
|
|
| 401 |
// Vector<XMLAccessDAO> xmlAccessDAOList = null; |
|
| 402 |
// try {
|
|
| 403 |
// XMLAccessAccess xmlAccessAccess = new XMLAccessAccess(); |
|
| 404 |
// xmlAccessDAOList = xmlAccessAccess.getXMLAccessForDoc(docId); |
|
| 405 |
// } catch (AccessException ae) {
|
|
| 406 |
// throw new AccessControlException("AccessControlForSingleFile.getAccessString - error when getting " +
|
|
| 407 |
// "access DAO list: " + ae.getMessage()); |
|
| 408 |
// } |
|
| 409 |
// |
|
| 410 |
// StringBuffer sb = new StringBuffer(); |
|
| 411 |
// |
|
| 412 |
// for (XMLAccessDAO xmlAccessDAO : xmlAccessDAOList) {
|
|
| 413 |
// sb.append("<access>");
|
|
| 414 |
// |
|
| 415 |
// sb.append("<permOrder>");
|
|
| 416 |
// sb.append(xmlAccessDAO.getPermOrder()); |
|
| 417 |
// sb.append("</permOrder>");
|
|
| 418 |
// |
|
| 419 |
// sb.append("<permType>");
|
|
| 420 |
// sb.append(xmlAccessDAO.getPermType()); |
|
| 421 |
// sb.append("</permType>");
|
|
| 422 |
// |
|
| 423 |
// sb.append("<permission>");
|
|
| 424 |
// sb.append(xmlAccessDAO.getPermission()); |
|
| 425 |
// sb.append("</permission>");
|
|
| 426 |
// |
|
| 427 |
// sb.append("<principal>");
|
|
| 428 |
// sb.append(xmlAccessDAO.getPrincipalName()); |
|
| 429 |
// sb.append("</principal>");
|
|
| 430 |
// |
|
| 431 |
// sb.append("</access>");
|
|
| 432 |
// } |
|
| 433 |
// |
|
| 434 |
// return sb.toString(); |
|
| 435 |
// |
|
| 436 |
// } |
|
| 437 |
|
|
| 438 |
|
|
| 240 | 439 |
} |
| src/edu/ucsb/nceas/metacat/accesscontrol/AccessControlList.java | ||
|---|---|---|
| 51 | 51 |
import edu.ucsb.nceas.metacat.database.DBConnection; |
| 52 | 52 |
import edu.ucsb.nceas.metacat.database.DBConnectionPool; |
| 53 | 53 |
import edu.ucsb.nceas.metacat.properties.PropertyService; |
| 54 |
import edu.ucsb.nceas.metacat.shared.AccessException; |
|
| 54 | 55 |
import edu.ucsb.nceas.metacat.util.MetacatUtil; |
| 55 | 56 |
import edu.ucsb.nceas.metacat.util.SystemUtil; |
| 56 | 57 |
import edu.ucsb.nceas.utilities.PropertyNotFoundException; |
| ... | ... | |
| 90 | 91 |
private int permission; |
| 91 | 92 |
private String permType; |
| 92 | 93 |
private String permOrder; |
| 93 |
// private String publicAcc; |
|
| 94 | 94 |
private String beginTime; |
| 95 | 95 |
private String endTime; |
| 96 | 96 |
private int ticketCount; |
| ... | ... | |
| 680 | 680 |
return txtPerm.toString(); |
| 681 | 681 |
} |
| 682 | 682 |
|
| 683 |
// /* Get the text value of READ, WRITE or ALL. */ |
|
| 684 |
// public static String txtValue ( int permission ) |
|
| 685 |
// {
|
|
| 686 |
// StringBuffer txtPerm = new StringBuffer(); |
|
| 687 |
// if (permission == READ) {
|
|
| 688 |
// txtPerm.append("READ");
|
|
| 689 |
// } |
|
| 690 |
// if (permission == WRITE) {
|
|
| 691 |
// txtPerm.append("WRITE");
|
|
| 692 |
// } |
|
| 693 |
// if (permission == ALL) {
|
|
| 694 |
// txtPerm.append("ALL");
|
|
| 695 |
// } |
|
| 696 |
// |
|
| 697 |
// return txtPerm.toString(); |
|
| 698 |
// } |
|
| 699 |
|
|
| 700 |
/** |
|
| 701 |
* Get Access Control List information for document from db connetion. |
|
| 702 |
* User or Group should have permissions for reading |
|
| 703 |
* access control information for a document specified by @docid. |
|
| 704 |
* @param docid document identifier which acl info to get |
|
| 705 |
* @param user name of user connected to Metacat system |
|
| 706 |
* @param groups names of user's groups to which user belongs |
|
| 707 |
*/ |
|
| 708 |
public String getACL(String docid, String user, String[] groups) |
|
| 709 |
throws SQLException, Exception |
|
| 710 |
{
|
|
| 711 |
StringBuffer output = new StringBuffer(); |
|
| 712 |
StringBuffer outTemp = new StringBuffer(); |
|
| 713 |
String accDoctype = PropertyService.getProperty("xml.accessdoctype");
|
|
| 714 |
String server = PropertyService.getProperty("server.name");
|
|
| 715 |
String docurl = "metacat://" + server + "/?docid=" + docid; |
|
| 716 |
String systemID; |
|
| 717 |
boolean isOwned = false; |
|
| 718 |
boolean hasPermission = false; |
|
| 719 |
String publicAcc; |
|
| 720 |
|
|
| 721 |
String acfid = ""; |
|
| 722 |
String acfid_prev = ""; |
|
| 723 |
String principal; |
|
| 724 |
Vector principalArr = new Vector(); |
|
| 725 |
int permission; |
|
| 726 |
int perm_prev = -1; |
|
| 727 |
String permType; |
|
| 728 |
String permOrder = ""; |
|
| 729 |
String permOrder_prev = ""; |
|
| 730 |
String beginTime = ""; |
|
| 731 |
String begin_prev = ""; |
|
| 732 |
String endTime = ""; |
|
| 733 |
String end_prev = ""; |
|
| 734 |
int ticketCount = -1; |
|
| 735 |
int ticket_prev = -1; |
|
| 736 |
DBConnection conn = null; |
|
| 737 |
int serialNumber = -1; |
|
| 738 |
PreparedStatement pstmt = null; |
|
| 739 |
try {
|
|
| 740 |
|
|
| 741 |
//check out DBConnection |
|
| 742 |
conn=DBConnectionPool.getDBConnection("AccessControlList.getACL");
|
|
| 743 |
serialNumber=conn.getCheckOutSerialNumber(); |
|
| 744 |
|
|
| 745 |
isOwned = isOwned(docid, user); |
|
| 746 |
systemID = getSystemID((String)MetacatUtil. |
|
| 747 |
getOptionList(accDoctype).elementAt(0)); |
|
| 748 |
publicAcc = getPublicAccess(docid); |
|
| 749 |
|
|
| 750 |
output.append("<?xml version=\"1.0\"?>\n");
|
|
| 751 |
output.append("<!DOCTYPE acl PUBLIC \"" + accDoctype + "\" \"" +
|
|
| 752 |
systemID + "\">\n"); |
|
| 753 |
output.append("<acl authSystem=\"\">\n");
|
|
| 754 |
|
|
| 755 |
|
|
| 756 |
pstmt = conn.prepareStatement( |
|
| 757 |
"SELECT distinct accessfileid, principal_name, permission, " + |
|
| 758 |
"perm_type, perm_order, to_char(begin_time,'mm/dd/yyyy'), " + |
|
| 759 |
"to_char(end_time,'mm/dd/yyyy'), ticket_count " + |
|
| 760 |
"FROM xml_access WHERE docid = ? " + |
|
| 761 |
"ORDER BY accessfileid, perm_order, perm_type, permission"); |
|
| 762 |
// Bind the values to the query |
|
| 763 |
pstmt.setString(1, docid); |
|
| 764 |
logMetacat.debug("running sql: " + pstmt.toString());
|
|
| 765 |
pstmt.execute(); |
|
| 766 |
ResultSet rs = pstmt.getResultSet(); |
|
| 767 |
boolean hasRows = rs.next(); |
|
| 768 |
while (hasRows) {
|
|
| 769 |
|
|
| 770 |
acfid = rs.getString(1); |
|
| 771 |
principal = rs.getString(2); |
|
| 772 |
permission = rs.getInt(3); |
|
| 773 |
permType = rs.getString(4); |
|
| 774 |
permOrder = rs.getString(5); |
|
| 775 |
beginTime = rs.getString(6); |
|
| 776 |
endTime = rs.getString(7); |
|
| 777 |
ticketCount = rs.getInt(8); |
|
| 778 |
|
|
| 779 |
// if @docid is not owned by @user, only ACL info from that |
|
| 780 |
// access files to which @user/@groups has "read" permission |
|
| 781 |
// is extracted |
|
| 782 |
if ( !isOwned ) {
|
|
| 783 |
if ( !acfid.equals(acfid_prev) ) {
|
|
| 784 |
acfid_prev = acfid; |
|
| 785 |
//hasPermission = this.hasPermission("READ",user,groups,acfid);
|
|
| 786 |
PermissionController controller = new PermissionController(acfid); |
|
| 787 |
hasPermission = controller.hasPermission(user,groups, |
|
| 788 |
AccessControlInterface.READSTRING); |
|
| 789 |
} |
|
| 790 |
if ( !hasPermission ) {
|
|
| 791 |
rs.next(); |
|
| 792 |
continue; |
|
| 793 |
} |
|
| 794 |
} |
|
| 795 |
|
|
| 796 |
// open <resource> tag |
|
| 797 |
if ( !permOrder.equals(permOrder_prev) ) {
|
|
| 798 |
// close </resource> tag if any was opened |
|
| 799 |
output.append(outTemp.toString()); |
|
| 800 |
outTemp = new StringBuffer(); |
|
| 801 |
if ( !permOrder_prev.equals("") ) {
|
|
| 802 |
output.append(" </resource>\n");
|
|
| 803 |
} |
|
| 804 |
output.append(" <resource order=\"" + permOrder + "\" public=\"" +
|
|
| 805 |
publicAcc + "\">\n"); |
|
| 806 |
output.append(" <resourceIdentifier>" + docurl +
|
|
| 807 |
"</resourceIdentifier>\n"); |
|
| 808 |
permOrder_prev = permOrder; |
|
| 809 |
} |
|
| 810 |
|
|
| 811 |
// close </allow> or </deny> tag then open new one |
|
| 812 |
if ( permission != perm_prev || |
|
| 813 |
(endTime == null) && (end_prev != null) || |
|
| 814 |
(beginTime == null) && (begin_prev != null) || |
|
| 815 |
endTime != null && !endTime.equals(end_prev) || |
|
| 816 |
beginTime != null && !beginTime.equals(begin_prev) || |
|
| 817 |
ticketCount != ticket_prev ) {
|
|
| 818 |
output.append(outTemp.toString()); |
|
| 819 |
outTemp = new StringBuffer(); |
|
| 820 |
principalArr.removeAllElements(); |
|
| 821 |
output.append(" <" + permType + ">\n");
|
|
| 822 |
} |
|
| 823 |
|
|
| 824 |
// put all principals here for the same |
|
| 825 |
// permission, duration and ticket_count |
|
| 826 |
if ( !principalArr.contains(principal) ) {
|
|
| 827 |
principalArr.addElement(principal); |
|
| 828 |
output.append(" <principal>" + principal + "</principal>\n");
|
|
| 829 |
} |
|
| 830 |
|
|
| 831 |
// prepare <permission> tags, <duration> and <ticketCount> |
|
| 832 |
// if any to put within <allow> (<deny>) by next cicle |
|
| 833 |
if ( permission != perm_prev || |
|
| 834 |
(endTime == null) && (end_prev != null) || |
|
| 835 |
(beginTime == null) && (begin_prev != null) || |
|
| 836 |
endTime != null && !endTime.equals(end_prev) || |
|
| 837 |
beginTime != null && !beginTime.equals(begin_prev) || |
|
| 838 |
ticketCount != ticket_prev ) {
|
|
| 839 |
if ( (permission & READ) == READ ) {
|
|
| 840 |
outTemp.append(" <permission>read</permission>\n");
|
|
| 841 |
} |
|
| 842 |
if ( (permission & WRITE) == WRITE ) {
|
|
| 843 |
outTemp.append(" <permission>write</permission>\n");
|
|
| 844 |
} |
|
| 845 |
if ( (permission & ALL) == ALL ) {
|
|
| 846 |
outTemp.append(" <permission>all</permission>\n");
|
|
| 847 |
} |
|
| 848 |
if ( (permission & CHMOD) == CHMOD ) {
|
|
| 849 |
outTemp.append(" <permission>chmod</permission>\n");
|
|
| 850 |
} |
|
| 851 |
if ( (beginTime != null) || (endTime != null) ) {
|
|
| 852 |
outTemp.append(" <duration>" + beginTime + " " + endTime +
|
|
| 853 |
"</duration>\n"); |
|
| 854 |
} |
|
| 855 |
if ( ticketCount > 0 ) {
|
|
| 856 |
outTemp.append(" <ticketCount>" + ticketCount +
|
|
| 857 |
"</ticketCount>\n"); |
|
| 858 |
} |
|
| 859 |
outTemp.append(" </" + permType + ">\n");
|
|
| 860 |
perm_prev = permission; |
|
| 861 |
ticket_prev = ticketCount; |
|
| 862 |
begin_prev = beginTime; |
|
| 863 |
end_prev = endTime; |
|
| 864 |
} |
|
| 865 |
|
|
| 866 |
hasRows = rs.next(); |
|
| 867 |
} |
|
| 868 |
|
|
| 869 |
// close <allow> or <deny> if anything left in outTemp var |
|
| 870 |
output.append(outTemp.toString()); |
|
| 871 |
|
|
| 872 |
// If there are no any acl info for @docid accessible by @user/@group, |
|
| 873 |
// extract only the following information |
|
| 874 |
if ( permOrder.equals("") ) {
|
|
| 875 |
output.append(" <resource public=\"" + publicAcc + "\">\n");
|
|
| 876 |
output.append(" <resourceIdentifier>" + docurl +
|
|
| 877 |
"</resourceIdentifier>\n"); |
|
| 878 |
} |
|
| 879 |
|
|
| 880 |
// always close them |
|
| 881 |
output.append(" </resource>\n");
|
|
| 882 |
output.append("</acl>\n");
|
|
| 883 |
|
|
| 884 |
pstmt.close(); |
|
| 885 |
|
|
| 886 |
return output.toString(); |
|
| 887 |
|
|
| 888 |
} catch (SQLException e) {
|
|
| 889 |
throw new |
|
| 890 |
SQLException("AccessControlList.getACL(). " + e.getMessage());
|
|
| 891 |
} |
|
| 892 |
finally |
|
| 893 |
{
|
|
| 894 |
try |
|
| 895 |
{
|
|
| 896 |
pstmt.close(); |
|
| 897 |
} |
|
| 898 |
finally |
|
| 899 |
{
|
|
| 900 |
DBConnectionPool.returnDBConnection(conn, serialNumber); |
|
| 901 |
} |
|
| 902 |
} |
|
| 903 |
} |
|
| 904 |
|
|
| 905 |
/* Check if @user is owner of @docid from db conn. */ |
|
| 906 |
private boolean isOwned(String docid, String user) throws SQLException {
|
|
| 907 |
|
|
| 908 |
PreparedStatement pstmt = null; |
|
| 909 |
DBConnection conn = null; |
|
| 910 |
int serialNumber = -1; |
|
| 911 |
try |
|
| 912 |
{
|
|
| 913 |
//check out DBConnection |
|
| 914 |
conn=DBConnectionPool.getDBConnection("AccessControlList.isOwned");
|
|
| 915 |
serialNumber=conn.getCheckOutSerialNumber(); |
|
| 916 |
pstmt = conn.prepareStatement("SELECT 'x' FROM xml_documents " +
|
|
| 917 |
"WHERE docid = ? " + |
|
| 918 |
"AND user_owner = ?"); |
|
| 919 |
pstmt.setString(1, docid); |
|
| 920 |
pstmt.setString(2, user); |
|
| 921 |
pstmt.execute(); |
|
| 922 |
ResultSet rs = pstmt.getResultSet(); |
|
| 923 |
boolean hasRow = rs.next(); |
|
| 924 |
return hasRow; |
|
| 925 |
} |
|
| 926 |
finally |
|
| 927 |
{
|
|
| 928 |
try |
|
| 929 |
{
|
|
| 930 |
pstmt.close(); |
|
| 931 |
} |
|
| 932 |
finally |
|
| 933 |
{
|
|
| 934 |
DBConnectionPool.returnDBConnection(conn, serialNumber); |
|
| 935 |
} |
|
| 936 |
} |
|
| 937 |
} |
|
| 938 |
|
|
| 939 | 683 |
/* Get the flag for public "read" access for @docid from db conn. */ |
| 940 | 684 |
private String getPublicAccess(String docid) throws SQLException {
|
| 941 | 685 |
|
| src/edu/ucsb/nceas/metacat/MetaCatServlet.java | ||
|---|---|---|
| 73 | 73 |
import com.oreilly.servlet.multipart.ParamPart; |
| 74 | 74 |
import com.oreilly.servlet.multipart.Part; |
| 75 | 75 |
|
| 76 |
import edu.ucsb.nceas.metacat.accesscontrol.AccessControlException; |
|
| 76 | 77 |
import edu.ucsb.nceas.metacat.accesscontrol.AccessControlForSingleFile; |
| 77 | 78 |
import edu.ucsb.nceas.metacat.accesscontrol.AccessControlInterface; |
| 78 | 79 |
import edu.ucsb.nceas.metacat.accesscontrol.AccessControlList; |
| ... | ... | |
| 89 | 90 |
import edu.ucsb.nceas.metacat.service.ServiceService; |
| 90 | 91 |
import edu.ucsb.nceas.metacat.service.SessionService; |
| 91 | 92 |
import edu.ucsb.nceas.metacat.service.XMLSchemaService; |
| 93 |
import edu.ucsb.nceas.metacat.shared.ServiceException; |
|
| 92 | 94 |
import edu.ucsb.nceas.metacat.shared.BaseException; |
| 93 | 95 |
import edu.ucsb.nceas.metacat.shared.HandlerException; |
| 94 | 96 |
import edu.ucsb.nceas.metacat.shared.MetacatUtilException; |
| 95 |
import edu.ucsb.nceas.metacat.shared.ServiceException;
|
|
| 97 |
//import edu.ucsb.nceas.metacat.shared.AccessException;
|
|
| 96 | 98 |
import edu.ucsb.nceas.metacat.spatial.SpatialHarvester; |
| 97 | 99 |
import edu.ucsb.nceas.metacat.spatial.SpatialQuery; |
| 98 | 100 |
import edu.ucsb.nceas.metacat.util.AuthUtil; |
| ... | ... | |
| 2722 | 2724 |
} |
| 2723 | 2725 |
|
| 2724 | 2726 |
try {
|
| 2725 |
|
|
| 2726 |
// get connection from the pool |
|
| 2727 |
dbConn = DBConnectionPool |
|
| 2728 |
.getDBConnection("MetaCatServlet.handleGetAccessControlAction");
|
|
| 2729 |
serialNumber = dbConn.getCheckOutSerialNumber(); |
|
| 2730 |
AccessControlList aclobj = new AccessControlList(dbConn); |
|
| 2731 |
String acltext = aclobj.getACL(docid, username, groupnames); |
|
| 2727 |
AccessControlForSingleFile acfsf = new AccessControlForSingleFile(docid); |
|
| 2728 |
String acltext = acfsf.getACL(username, groupnames, true); |
|
| 2732 | 2729 |
if (qformat.equals("xml")) {
|
| 2733 | 2730 |
response.setContentType("text/xml");
|
| 2734 | 2731 |
out.println(acltext); |
| ... | ... | |
| 3508 | 3505 |
private void handleSetAccessAction(PrintWriter out, Hashtable<String, String[]> params, |
| 3509 | 3506 |
String username, HttpServletRequest request, HttpServletResponse response) {
|
| 3510 | 3507 |
Logger logMetacat = Logger.getLogger(MetaCatServlet.class); |
| 3511 |
String[] docList = null; |
|
| 3512 |
String[] principalList = null; |
|
| 3513 |
String[] permissionList = null; |
|
| 3514 |
String[] permTypeList = null; |
|
| 3515 |
String[] permOrderList = null; |
|
| 3516 |
String[] qformatList = null; |
|
| 3508 |
|
|
| 3517 | 3509 |
String permission = null; |
| 3518 | 3510 |
String permType = null; |
| 3519 | 3511 |
String permOrder = null; |
| ... | ... | |
| 3523 | 3515 |
String success = null; |
| 3524 | 3516 |
boolean isEmlPkgMember = false; |
| 3525 | 3517 |
|
| 3526 |
// Get parameters |
|
| 3527 |
if (params.containsKey("docid")) {
|
|
| 3528 |
docList = params.get("docid");
|
|
| 3529 |
} |
|
| 3530 |
if (params.containsKey("principal")) {
|
|
| 3531 |
principalList = params.get("principal");
|
|
| 3532 |
} |
|
| 3533 |
if (params.containsKey("permission")) {
|
|
| 3534 |
permissionList = params.get("permission");
|
|
| 3535 |
|
|
| 3536 |
} |
|
| 3537 |
if (params.containsKey("permType")) {
|
|
| 3538 |
permTypeList = params.get("permType");
|
|
| 3539 |
|
|
| 3540 |
} |
|
| 3541 |
if (params.containsKey("permOrder")) {
|
|
| 3542 |
permOrderList = params.get("permOrder");
|
|
| 3543 |
|
|
| 3544 |
} |
|
| 3518 |
String[] docList = params.get("docid");
|
|
| 3519 |
String[] principalList = params.get("principal");
|
|
| 3520 |
String[] permissionList = params.get("permission");
|
|
| 3521 |
String[] permTypeList = params.get("permType");
|
|
| 3522 |
String[] permOrderList = params.get("permOrder");
|
|
| 3523 |
String[] qformatList = params.get("qformat");
|
|
| 3524 |
String[] accessBlock = params.get("accessBlock");
|
|
| 3545 | 3525 |
|
| 3546 |
if (params.containsKey("qformat")) {
|
|
| 3547 |
qformatList = params.get("qformat");
|
|
| 3548 |
|
|
| 3526 |
if(accessBlock != null) {
|
|
| 3527 |
if (docList == null) {
|
|
| 3528 |
errorList.addElement("MetaCatServlet.handleSetAccessAction - Please check your parameter list, it should look like: "
|
|
| 3529 |
+ "?action=setaccess&docid=<doc_id>&accessBlock=<access_section>"); |
|
| 3530 |
outputResponse(successList, errorList, out); |
|
| 3531 |
return; |
|
| 3532 |
} |
|
| 3533 |
|
|
| 3534 |
try {
|
|
| 3535 |
AccessControlForSingleFile accessControl = |
|
| 3536 |
new AccessControlForSingleFile(docList[0]); |
|
| 3537 |
accessControl.insertPermissions(accessBlock[0]); |
|
| 3538 |
} catch(AccessControlException ace) {
|
|
| 3539 |
errorList.addElement("MetaCatServlet.handleSetAccessAction - access control error when setting " +
|
|
| 3540 |
"access block: " + ace.getMessage()); |
|
| 3541 |
} |
|
| 3542 |
outputResponse(successList, errorList, out); |
|
| 3543 |
return; |
|
| 3549 | 3544 |
} |
| 3550 | 3545 |
|
| 3551 | 3546 |
// Make sure the parameter is not null |
| ... | ... | |
| 3606 | 3601 |
} catch (Exception e) {
|
| 3607 | 3602 |
logMetacat.error("MetaCatServlet.handleSetAccessAction - Error in handleSetAccessAction: "
|
| 3608 | 3603 |
+ e.getMessage()); |
| 3609 |
error = "Error in set access control for document - " |
|
| 3610 |
+ accessionNumber + e.getMessage(); |
|
| 3604 |
error = "Error in set access control for document - " + accessionNumber + e.getMessage(); |
|
| 3611 | 3605 |
errorList.addElement(error); |
| 3612 | 3606 |
continue; |
| 3613 | 3607 |
} |
| 3614 | 3608 |
//check if user is the owner. Only owner can do owner |
| 3615 | 3609 |
if (username == null || owner == null || !username.equals(owner)) {
|
| 3616 |
error = "User - " + username |
|
| 3617 |
+ " does not have permission to set " |
|
| 3610 |
error = "User - " + username + " does not have permission to set " |
|
| 3618 | 3611 |
+ "access control for docid - " + accessionNumber; |
| 3619 | 3612 |
errorList.addElement(error); |
| 3620 | 3613 |
continue; |
| ... | ... | |
| 3626 | 3619 |
if (isEmlPkgMember == false) |
| 3627 | 3620 |
isEmlPkgMember = (DBUtil.findDataSetDocIdForGivenDocument(accessionNumber) != null); |
| 3628 | 3621 |
|
| 3629 |
// If docid publicid is BIN data file or other beta4, 6 package |
|
| 3630 |
// document |
|
| 3631 |
// we could not do set access control. Because we don't want |
|
| 3632 |
// inconsistent |
|
| 3622 |
// If docid publicid is BIN data file or other beta4, 6 package document |
|
| 3623 |
// we could not do set access control. Because we don't want inconsistent |
|
| 3633 | 3624 |
// to its access docuemnt |
| 3634 | 3625 |
if (publicId != null && packageSet != null |
| 3635 | 3626 |
&& packageSet.contains(publicId) && isEmlPkgMember) {
|
| 3636 |
error = "Could not set access control to document " |
|
| 3637 |
+ accessionNumber |
|
| 3627 |
error = "Could not set access control to document " + accessionNumber |
|
| 3638 | 3628 |
+ "because it is in a pakcage and it has a access file for it"; |
| 3639 | 3629 |
errorList.addElement(error); |
| 3640 | 3630 |
continue; |
| ... | ... | |
| 3645 | 3635 |
String principal = principalList[j]; |
| 3646 | 3636 |
try {
|
| 3647 | 3637 |
//insert permission |
| 3648 |
AccessControlForSingleFile accessControl = new AccessControlForSingleFile(
|
|
| 3649 |
accessionNumber, principal, permission, permType, permOrder);
|
|
| 3650 |
accessControl.insertPermissions(); |
|
| 3638 |
AccessControlForSingleFile accessControl = |
|
| 3639 |
new AccessControlForSingleFile(accessionNumber);
|
|
| 3640 |
accessControl.insertPermissions(principal, Long.valueOf(permission), permType, permOrder);
|
|
| 3651 | 3641 |
} catch (Exception ee) {
|
| 3652 | 3642 |
logMetacat.error("MetaCatServlet.handleSetAccessAction - Error inserting permission: "
|
| 3653 | 3643 |
+ ee.getMessage()); |
| src/edu/ucsb/nceas/metacat/PermissionController.java | ||
|---|---|---|
| 55 | 55 |
// access for this docid |
| 56 | 56 |
private Vector subTreeList = new Vector(); |
| 57 | 57 |
|
| 58 |
private long TOPLEVELSTARTNODEID = 0; //if start node is 0, means it is top |
|
| 58 |
private static final long TOPLEVELSTARTNODEID = 0; //if start node is 0, means it is top
|
|
| 59 | 59 |
//level document |
| 60 | 60 |
|
| 61 | 61 |
private static Logger logMetacat = Logger.getLogger(PermissionController.class); |
| ... | ... | |
| 663 | 663 |
|
| 664 | 664 |
}//isAllowFirst |
| 665 | 665 |
|
| 666 |
/** |
|
| 667 |
* Check if the permission order for user at that documents is allowFirst |
|
| 668 |
* @param principals, list of names of principals to check for |
|
| 669 |
* @param docid, document identifier to check for |
|
| 670 |
*/ |
|
| 671 |
public Vector<AccessControlForSingleFile> getAccessControl() |
|
| 672 |
throws SQLException, Exception |
|
| 673 |
{
|
|
| 674 |
Vector<AccessControlForSingleFile> accessControl = new Vector<AccessControlForSingleFile>(); |
|
| 675 |
boolean hasRow; |
|
| 676 |
PreparedStatement pStmt = null; |
|
| 677 |
DBConnection conn = null; |
|
| 678 |
int serialNumber = -1; |
|
| 679 |
String sql = null; |
|
| 680 |
boolean topLever =false; |
|
| 681 |
sql = "SELECT principal_name, permission, perm_type, perm_order FROM xml_access "; |
|
| 682 |
|
|
| 683 |
//TODO, need this? |
|
| 684 |
long startId = 0; |
|
| 685 |
if (startId == TOPLEVELSTARTNODEID) |
|
| 686 |
{
|
|
| 687 |
//top level |
|
| 688 |
topLever = true; |
|
| 689 |
sql += "WHERE docid = ? AND startnodeid is NULL"; |
|
| 690 |
} |
|
| 691 |
else |
|
| 692 |
{
|
|
| 693 |
//sub tree level |
|
| 694 |
sql += "WHERE docid = ? AND startnodeid = ?"; |
|
| 695 |
} |
|
| 696 |
|
|
| 697 |
try |
|
| 698 |
{
|
|
| 699 |
//check out DBConnection |
|
| 700 |
conn=DBConnectionPool.getDBConnection("AccessControlList.getPermissions");
|
|
| 701 |
serialNumber=conn.getCheckOutSerialNumber(); |
|
| 702 |
|
|
| 703 |
//select permission order from database |
|
| 704 |
pStmt = conn.prepareStatement(sql); |
|
| 705 |
|
|
| 706 |
//bind value |
|
| 707 |
pStmt.setString(1, docId);//docid |
|
| 708 |
|
|
| 709 |
// if subtree, we need set subtree id |
|
| 710 |
if (!topLever) |
|
| 711 |
{
|
|
| 712 |
pStmt.setLong(2, startId); |
|
| 713 |
} |
|
| 714 |
|
|
| 715 |
pStmt.execute(); |
|
| 716 |
ResultSet rs = pStmt.getResultSet(); |
|
| 717 |
while (rs.next()) |
|
| 718 |
{
|
|
| 719 |
//get the permission order from data base |
|
| 720 |
String principalName=rs.getString(1); |
|
| 721 |
String permission=rs.getString(2); |
|
| 722 |
String permType=rs.getString(3); |
|
| 723 |
String permOrder=rs.getString(4); |
|
| 724 |
|
|
| 725 |
//translate to string version |
|
| 726 |
String myPermission = AccessControlList.txtValue(Integer.parseInt(permission)); |
|
| 727 |
|
|
| 728 |
//make it into an object |
|
| 729 |
AccessControlForSingleFile acfsf = |
|
| 730 |
new AccessControlForSingleFile(docId, principalName, myPermission, permType, permOrder); |
|
| 731 |
accessControl.add(acfsf); |
|
| 732 |
} |
|
| 733 |
pStmt.close(); |
|
| 734 |
}//try |
|
| 735 |
catch (SQLException e) |
|
| 736 |
{
|
|
| 737 |
throw e; |
|
| 738 |
} |
|
| 739 |
finally |
|
| 740 |
{
|
|
| 741 |
try |
|
| 742 |
{
|
|
| 743 |
pStmt.close(); |
|
| 744 |
} |
|
| 745 |
finally |
|
| 746 |
{
|
|
| 747 |
DBConnectionPool.returnDBConnection(conn, serialNumber); |
|
| 748 |
} |
|
| 749 |
} |
|
| 750 |
|
|
| 751 |
return accessControl; |
|
| 752 |
|
|
| 753 |
}//getPermissions |
|
| 754 |
|
|
| 755 | 666 |
/** |
| 756 | 667 |
* Check if the users array has allow rules for given users, docid and |
| 757 | 668 |
* permission. |
Also available in: Unified diff
change AccessControlForSingleFile to only be instantiated for one file. move ACL methods to AccessControlForSingleFile. Change format of access sections returned to EML 2.1.0.