Revision 5098
Added by daigle over 14 years ago
| AccessControlList.java | ||
|---|---|---|
| 51 | 51 |
import edu.ucsb.nceas.metacat.database.DBConnection; |
| 52 | 52 |
import edu.ucsb.nceas.metacat.database.DBConnectionPool; |
| 53 | 53 |
import edu.ucsb.nceas.metacat.properties.PropertyService; |
| 54 |
import edu.ucsb.nceas.metacat.shared.AccessException; |
|
| 54 | 55 |
import edu.ucsb.nceas.metacat.util.MetacatUtil; |
| 55 | 56 |
import edu.ucsb.nceas.metacat.util.SystemUtil; |
| 56 | 57 |
import edu.ucsb.nceas.utilities.PropertyNotFoundException; |
| ... | ... | |
| 90 | 91 |
private int permission; |
| 91 | 92 |
private String permType; |
| 92 | 93 |
private String permOrder; |
| 93 |
// private String publicAcc; |
|
| 94 | 94 |
private String beginTime; |
| 95 | 95 |
private String endTime; |
| 96 | 96 |
private int ticketCount; |
| ... | ... | |
| 680 | 680 |
return txtPerm.toString(); |
| 681 | 681 |
} |
| 682 | 682 |
|
| 683 |
// /* Get the text value of READ, WRITE or ALL. */ |
|
| 684 |
// public static String txtValue ( int permission ) |
|
| 685 |
// {
|
|
| 686 |
// StringBuffer txtPerm = new StringBuffer(); |
|
| 687 |
// if (permission == READ) {
|
|
| 688 |
// txtPerm.append("READ");
|
|
| 689 |
// } |
|
| 690 |
// if (permission == WRITE) {
|
|
| 691 |
// txtPerm.append("WRITE");
|
|
| 692 |
// } |
|
| 693 |
// if (permission == ALL) {
|
|
| 694 |
// txtPerm.append("ALL");
|
|
| 695 |
// } |
|
| 696 |
// |
|
| 697 |
// return txtPerm.toString(); |
|
| 698 |
// } |
|
| 699 |
|
|
| 700 |
/** |
|
| 701 |
* Get Access Control List information for document from db connetion. |
|
| 702 |
* User or Group should have permissions for reading |
|
| 703 |
* access control information for a document specified by @docid. |
|
| 704 |
* @param docid document identifier which acl info to get |
|
| 705 |
* @param user name of user connected to Metacat system |
|
| 706 |
* @param groups names of user's groups to which user belongs |
|
| 707 |
*/ |
|
| 708 |
public String getACL(String docid, String user, String[] groups) |
|
| 709 |
throws SQLException, Exception |
|
| 710 |
{
|
|
| 711 |
StringBuffer output = new StringBuffer(); |
|
| 712 |
StringBuffer outTemp = new StringBuffer(); |
|
| 713 |
String accDoctype = PropertyService.getProperty("xml.accessdoctype");
|
|
| 714 |
String server = PropertyService.getProperty("server.name");
|
|
| 715 |
String docurl = "metacat://" + server + "/?docid=" + docid; |
|
| 716 |
String systemID; |
|
| 717 |
boolean isOwned = false; |
|
| 718 |
boolean hasPermission = false; |
|
| 719 |
String publicAcc; |
|
| 720 |
|
|
| 721 |
String acfid = ""; |
|
| 722 |
String acfid_prev = ""; |
|
| 723 |
String principal; |
|
| 724 |
Vector principalArr = new Vector(); |
|
| 725 |
int permission; |
|
| 726 |
int perm_prev = -1; |
|
| 727 |
String permType; |
|
| 728 |
String permOrder = ""; |
|
| 729 |
String permOrder_prev = ""; |
|
| 730 |
String beginTime = ""; |
|
| 731 |
String begin_prev = ""; |
|
| 732 |
String endTime = ""; |
|
| 733 |
String end_prev = ""; |
|
| 734 |
int ticketCount = -1; |
|
| 735 |
int ticket_prev = -1; |
|
| 736 |
DBConnection conn = null; |
|
| 737 |
int serialNumber = -1; |
|
| 738 |
PreparedStatement pstmt = null; |
|
| 739 |
try {
|
|
| 740 |
|
|
| 741 |
//check out DBConnection |
|
| 742 |
conn=DBConnectionPool.getDBConnection("AccessControlList.getACL");
|
|
| 743 |
serialNumber=conn.getCheckOutSerialNumber(); |
|
| 744 |
|
|
| 745 |
isOwned = isOwned(docid, user); |
|
| 746 |
systemID = getSystemID((String)MetacatUtil. |
|
| 747 |
getOptionList(accDoctype).elementAt(0)); |
|
| 748 |
publicAcc = getPublicAccess(docid); |
|
| 749 |
|
|
| 750 |
output.append("<?xml version=\"1.0\"?>\n");
|
|
| 751 |
output.append("<!DOCTYPE acl PUBLIC \"" + accDoctype + "\" \"" +
|
|
| 752 |
systemID + "\">\n"); |
|
| 753 |
output.append("<acl authSystem=\"\">\n");
|
|
| 754 |
|
|
| 755 |
|
|
| 756 |
pstmt = conn.prepareStatement( |
|
| 757 |
"SELECT distinct accessfileid, principal_name, permission, " + |
|
| 758 |
"perm_type, perm_order, to_char(begin_time,'mm/dd/yyyy'), " + |
|
| 759 |
"to_char(end_time,'mm/dd/yyyy'), ticket_count " + |
|
| 760 |
"FROM xml_access WHERE docid = ? " + |
|
| 761 |
"ORDER BY accessfileid, perm_order, perm_type, permission"); |
|
| 762 |
// Bind the values to the query |
|
| 763 |
pstmt.setString(1, docid); |
|
| 764 |
logMetacat.debug("running sql: " + pstmt.toString());
|
|
| 765 |
pstmt.execute(); |
|
| 766 |
ResultSet rs = pstmt.getResultSet(); |
|
| 767 |
boolean hasRows = rs.next(); |
|
| 768 |
while (hasRows) {
|
|
| 769 |
|
|
| 770 |
acfid = rs.getString(1); |
|
| 771 |
principal = rs.getString(2); |
|
| 772 |
permission = rs.getInt(3); |
|
| 773 |
permType = rs.getString(4); |
|
| 774 |
permOrder = rs.getString(5); |
|
| 775 |
beginTime = rs.getString(6); |
|
| 776 |
endTime = rs.getString(7); |
|
| 777 |
ticketCount = rs.getInt(8); |
|
| 778 |
|
|
| 779 |
// if @docid is not owned by @user, only ACL info from that |
|
| 780 |
// access files to which @user/@groups has "read" permission |
|
| 781 |
// is extracted |
|
| 782 |
if ( !isOwned ) {
|
|
| 783 |
if ( !acfid.equals(acfid_prev) ) {
|
|
| 784 |
acfid_prev = acfid; |
|
| 785 |
//hasPermission = this.hasPermission("READ",user,groups,acfid);
|
|
| 786 |
PermissionController controller = new PermissionController(acfid); |
|
| 787 |
hasPermission = controller.hasPermission(user,groups, |
|
| 788 |
AccessControlInterface.READSTRING); |
|
| 789 |
} |
|
| 790 |
if ( !hasPermission ) {
|
|
| 791 |
rs.next(); |
|
| 792 |
continue; |
|
| 793 |
} |
|
| 794 |
} |
|
| 795 |
|
|
| 796 |
// open <resource> tag |
|
| 797 |
if ( !permOrder.equals(permOrder_prev) ) {
|
|
| 798 |
// close </resource> tag if any was opened |
|
| 799 |
output.append(outTemp.toString()); |
|
| 800 |
outTemp = new StringBuffer(); |
|
| 801 |
if ( !permOrder_prev.equals("") ) {
|
|
| 802 |
output.append(" </resource>\n");
|
|
| 803 |
} |
|
| 804 |
output.append(" <resource order=\"" + permOrder + "\" public=\"" +
|
|
| 805 |
publicAcc + "\">\n"); |
|
| 806 |
output.append(" <resourceIdentifier>" + docurl +
|
|
| 807 |
"</resourceIdentifier>\n"); |
|
| 808 |
permOrder_prev = permOrder; |
|
| 809 |
} |
|
| 810 |
|
|
| 811 |
// close </allow> or </deny> tag then open new one |
|
| 812 |
if ( permission != perm_prev || |
|
| 813 |
(endTime == null) && (end_prev != null) || |
|
| 814 |
(beginTime == null) && (begin_prev != null) || |
|
| 815 |
endTime != null && !endTime.equals(end_prev) || |
|
| 816 |
beginTime != null && !beginTime.equals(begin_prev) || |
|
| 817 |
ticketCount != ticket_prev ) {
|
|
| 818 |
output.append(outTemp.toString()); |
|
| 819 |
outTemp = new StringBuffer(); |
|
| 820 |
principalArr.removeAllElements(); |
|
| 821 |
output.append(" <" + permType + ">\n");
|
|
| 822 |
} |
|
| 823 |
|
|
| 824 |
// put all principals here for the same |
|
| 825 |
// permission, duration and ticket_count |
|
| 826 |
if ( !principalArr.contains(principal) ) {
|
|
| 827 |
principalArr.addElement(principal); |
|
| 828 |
output.append(" <principal>" + principal + "</principal>\n");
|
|
| 829 |
} |
|
| 830 |
|
|
| 831 |
// prepare <permission> tags, <duration> and <ticketCount> |
|
| 832 |
// if any to put within <allow> (<deny>) by next cicle |
|
| 833 |
if ( permission != perm_prev || |
|
| 834 |
(endTime == null) && (end_prev != null) || |
|
| 835 |
(beginTime == null) && (begin_prev != null) || |
|
| 836 |
endTime != null && !endTime.equals(end_prev) || |
|
| 837 |
beginTime != null && !beginTime.equals(begin_prev) || |
|
| 838 |
ticketCount != ticket_prev ) {
|
|
| 839 |
if ( (permission & READ) == READ ) {
|
|
| 840 |
outTemp.append(" <permission>read</permission>\n");
|
|
| 841 |
} |
|
| 842 |
if ( (permission & WRITE) == WRITE ) {
|
|
| 843 |
outTemp.append(" <permission>write</permission>\n");
|
|
| 844 |
} |
|
| 845 |
if ( (permission & ALL) == ALL ) {
|
|
| 846 |
outTemp.append(" <permission>all</permission>\n");
|
|
| 847 |
} |
|
| 848 |
if ( (permission & CHMOD) == CHMOD ) {
|
|
| 849 |
outTemp.append(" <permission>chmod</permission>\n");
|
|
| 850 |
} |
|
| 851 |
if ( (beginTime != null) || (endTime != null) ) {
|
|
| 852 |
outTemp.append(" <duration>" + beginTime + " " + endTime +
|
|
| 853 |
"</duration>\n"); |
|
| 854 |
} |
|
| 855 |
if ( ticketCount > 0 ) {
|
|
| 856 |
outTemp.append(" <ticketCount>" + ticketCount +
|
|
| 857 |
"</ticketCount>\n"); |
|
| 858 |
} |
|
| 859 |
outTemp.append(" </" + permType + ">\n");
|
|
| 860 |
perm_prev = permission; |
|
| 861 |
ticket_prev = ticketCount; |
|
| 862 |
begin_prev = beginTime; |
|
| 863 |
end_prev = endTime; |
|
| 864 |
} |
|
| 865 |
|
|
| 866 |
hasRows = rs.next(); |
|
| 867 |
} |
|
| 868 |
|
|
| 869 |
// close <allow> or <deny> if anything left in outTemp var |
|
| 870 |
output.append(outTemp.toString()); |
|
| 871 |
|
|
| 872 |
// If there are no any acl info for @docid accessible by @user/@group, |
|
| 873 |
// extract only the following information |
|
| 874 |
if ( permOrder.equals("") ) {
|
|
| 875 |
output.append(" <resource public=\"" + publicAcc + "\">\n");
|
|
| 876 |
output.append(" <resourceIdentifier>" + docurl +
|
|
| 877 |
"</resourceIdentifier>\n"); |
|
| 878 |
} |
|
| 879 |
|
|
| 880 |
// always close them |
|
| 881 |
output.append(" </resource>\n");
|
|
| 882 |
output.append("</acl>\n");
|
|
| 883 |
|
|
| 884 |
pstmt.close(); |
|
| 885 |
|
|
| 886 |
return output.toString(); |
|
| 887 |
|
|
| 888 |
} catch (SQLException e) {
|
|
| 889 |
throw new |
|
| 890 |
SQLException("AccessControlList.getACL(). " + e.getMessage());
|
|
| 891 |
} |
|
| 892 |
finally |
|
| 893 |
{
|
|
| 894 |
try |
|
| 895 |
{
|
|
| 896 |
pstmt.close(); |
|
| 897 |
} |
|
| 898 |
finally |
|
| 899 |
{
|
|
| 900 |
DBConnectionPool.returnDBConnection(conn, serialNumber); |
|
| 901 |
} |
|
| 902 |
} |
|
| 903 |
} |
|
| 904 |
|
|
| 905 |
/* Check if @user is owner of @docid from db conn. */ |
|
| 906 |
private boolean isOwned(String docid, String user) throws SQLException {
|
|
| 907 |
|
|
| 908 |
PreparedStatement pstmt = null; |
|
| 909 |
DBConnection conn = null; |
|
| 910 |
int serialNumber = -1; |
|
| 911 |
try |
|
| 912 |
{
|
|
| 913 |
//check out DBConnection |
|
| 914 |
conn=DBConnectionPool.getDBConnection("AccessControlList.isOwned");
|
|
| 915 |
serialNumber=conn.getCheckOutSerialNumber(); |
|
| 916 |
pstmt = conn.prepareStatement("SELECT 'x' FROM xml_documents " +
|
|
| 917 |
"WHERE docid = ? " + |
|
| 918 |
"AND user_owner = ?"); |
|
| 919 |
pstmt.setString(1, docid); |
|
| 920 |
pstmt.setString(2, user); |
|
| 921 |
pstmt.execute(); |
|
| 922 |
ResultSet rs = pstmt.getResultSet(); |
|
| 923 |
boolean hasRow = rs.next(); |
|
| 924 |
return hasRow; |
|
| 925 |
} |
|
| 926 |
finally |
|
| 927 |
{
|
|
| 928 |
try |
|
| 929 |
{
|
|
| 930 |
pstmt.close(); |
|
| 931 |
} |
|
| 932 |
finally |
|
| 933 |
{
|
|
| 934 |
DBConnectionPool.returnDBConnection(conn, serialNumber); |
|
| 935 |
} |
|
| 936 |
} |
|
| 937 |
} |
|
| 938 |
|
|
| 939 | 683 |
/* Get the flag for public "read" access for @docid from db conn. */ |
| 940 | 684 |
private String getPublicAccess(String docid) throws SQLException {
|
| 941 | 685 |
|
Also available in: Unified diff
change AccessControlForSingleFile to only be instantiated for one file. move ACL methods to AccessControlForSingleFile. Change format of access sections returned to EML 2.1.0.