Revision 5098
Added by daigle over 14 years ago
AccessControlList.java | ||
---|---|---|
51 | 51 |
import edu.ucsb.nceas.metacat.database.DBConnection; |
52 | 52 |
import edu.ucsb.nceas.metacat.database.DBConnectionPool; |
53 | 53 |
import edu.ucsb.nceas.metacat.properties.PropertyService; |
54 |
import edu.ucsb.nceas.metacat.shared.AccessException; |
|
54 | 55 |
import edu.ucsb.nceas.metacat.util.MetacatUtil; |
55 | 56 |
import edu.ucsb.nceas.metacat.util.SystemUtil; |
56 | 57 |
import edu.ucsb.nceas.utilities.PropertyNotFoundException; |
... | ... | |
90 | 91 |
private int permission; |
91 | 92 |
private String permType; |
92 | 93 |
private String permOrder; |
93 |
// private String publicAcc; |
|
94 | 94 |
private String beginTime; |
95 | 95 |
private String endTime; |
96 | 96 |
private int ticketCount; |
... | ... | |
680 | 680 |
return txtPerm.toString(); |
681 | 681 |
} |
682 | 682 |
|
683 |
// /* Get the text value of READ, WRITE or ALL. */ |
|
684 |
// public static String txtValue ( int permission ) |
|
685 |
// { |
|
686 |
// StringBuffer txtPerm = new StringBuffer(); |
|
687 |
// if (permission == READ) { |
|
688 |
// txtPerm.append("READ"); |
|
689 |
// } |
|
690 |
// if (permission == WRITE) { |
|
691 |
// txtPerm.append("WRITE"); |
|
692 |
// } |
|
693 |
// if (permission == ALL) { |
|
694 |
// txtPerm.append("ALL"); |
|
695 |
// } |
|
696 |
// |
|
697 |
// return txtPerm.toString(); |
|
698 |
// } |
|
699 |
|
|
700 |
/** |
|
701 |
* Get Access Control List information for document from db connetion. |
|
702 |
* User or Group should have permissions for reading |
|
703 |
* access control information for a document specified by @docid. |
|
704 |
* @param docid document identifier which acl info to get |
|
705 |
* @param user name of user connected to Metacat system |
|
706 |
* @param groups names of user's groups to which user belongs |
|
707 |
*/ |
|
708 |
public String getACL(String docid, String user, String[] groups) |
|
709 |
throws SQLException, Exception |
|
710 |
{ |
|
711 |
StringBuffer output = new StringBuffer(); |
|
712 |
StringBuffer outTemp = new StringBuffer(); |
|
713 |
String accDoctype = PropertyService.getProperty("xml.accessdoctype"); |
|
714 |
String server = PropertyService.getProperty("server.name"); |
|
715 |
String docurl = "metacat://" + server + "/?docid=" + docid; |
|
716 |
String systemID; |
|
717 |
boolean isOwned = false; |
|
718 |
boolean hasPermission = false; |
|
719 |
String publicAcc; |
|
720 |
|
|
721 |
String acfid = ""; |
|
722 |
String acfid_prev = ""; |
|
723 |
String principal; |
|
724 |
Vector principalArr = new Vector(); |
|
725 |
int permission; |
|
726 |
int perm_prev = -1; |
|
727 |
String permType; |
|
728 |
String permOrder = ""; |
|
729 |
String permOrder_prev = ""; |
|
730 |
String beginTime = ""; |
|
731 |
String begin_prev = ""; |
|
732 |
String endTime = ""; |
|
733 |
String end_prev = ""; |
|
734 |
int ticketCount = -1; |
|
735 |
int ticket_prev = -1; |
|
736 |
DBConnection conn = null; |
|
737 |
int serialNumber = -1; |
|
738 |
PreparedStatement pstmt = null; |
|
739 |
try { |
|
740 |
|
|
741 |
//check out DBConnection |
|
742 |
conn=DBConnectionPool.getDBConnection("AccessControlList.getACL"); |
|
743 |
serialNumber=conn.getCheckOutSerialNumber(); |
|
744 |
|
|
745 |
isOwned = isOwned(docid, user); |
|
746 |
systemID = getSystemID((String)MetacatUtil. |
|
747 |
getOptionList(accDoctype).elementAt(0)); |
|
748 |
publicAcc = getPublicAccess(docid); |
|
749 |
|
|
750 |
output.append("<?xml version=\"1.0\"?>\n"); |
|
751 |
output.append("<!DOCTYPE acl PUBLIC \"" + accDoctype + "\" \"" + |
|
752 |
systemID + "\">\n"); |
|
753 |
output.append("<acl authSystem=\"\">\n"); |
|
754 |
|
|
755 |
|
|
756 |
pstmt = conn.prepareStatement( |
|
757 |
"SELECT distinct accessfileid, principal_name, permission, " + |
|
758 |
"perm_type, perm_order, to_char(begin_time,'mm/dd/yyyy'), " + |
|
759 |
"to_char(end_time,'mm/dd/yyyy'), ticket_count " + |
|
760 |
"FROM xml_access WHERE docid = ? " + |
|
761 |
"ORDER BY accessfileid, perm_order, perm_type, permission"); |
|
762 |
// Bind the values to the query |
|
763 |
pstmt.setString(1, docid); |
|
764 |
logMetacat.debug("running sql: " + pstmt.toString()); |
|
765 |
pstmt.execute(); |
|
766 |
ResultSet rs = pstmt.getResultSet(); |
|
767 |
boolean hasRows = rs.next(); |
|
768 |
while (hasRows) { |
|
769 |
|
|
770 |
acfid = rs.getString(1); |
|
771 |
principal = rs.getString(2); |
|
772 |
permission = rs.getInt(3); |
|
773 |
permType = rs.getString(4); |
|
774 |
permOrder = rs.getString(5); |
|
775 |
beginTime = rs.getString(6); |
|
776 |
endTime = rs.getString(7); |
|
777 |
ticketCount = rs.getInt(8); |
|
778 |
|
|
779 |
// if @docid is not owned by @user, only ACL info from that |
|
780 |
// access files to which @user/@groups has "read" permission |
|
781 |
// is extracted |
|
782 |
if ( !isOwned ) { |
|
783 |
if ( !acfid.equals(acfid_prev) ) { |
|
784 |
acfid_prev = acfid; |
|
785 |
//hasPermission = this.hasPermission("READ",user,groups,acfid); |
|
786 |
PermissionController controller = new PermissionController(acfid); |
|
787 |
hasPermission = controller.hasPermission(user,groups, |
|
788 |
AccessControlInterface.READSTRING); |
|
789 |
} |
|
790 |
if ( !hasPermission ) { |
|
791 |
rs.next(); |
|
792 |
continue; |
|
793 |
} |
|
794 |
} |
|
795 |
|
|
796 |
// open <resource> tag |
|
797 |
if ( !permOrder.equals(permOrder_prev) ) { |
|
798 |
// close </resource> tag if any was opened |
|
799 |
output.append(outTemp.toString()); |
|
800 |
outTemp = new StringBuffer(); |
|
801 |
if ( !permOrder_prev.equals("") ) { |
|
802 |
output.append(" </resource>\n"); |
|
803 |
} |
|
804 |
output.append(" <resource order=\"" + permOrder + "\" public=\"" + |
|
805 |
publicAcc + "\">\n"); |
|
806 |
output.append(" <resourceIdentifier>" + docurl + |
|
807 |
"</resourceIdentifier>\n"); |
|
808 |
permOrder_prev = permOrder; |
|
809 |
} |
|
810 |
|
|
811 |
// close </allow> or </deny> tag then open new one |
|
812 |
if ( permission != perm_prev || |
|
813 |
(endTime == null) && (end_prev != null) || |
|
814 |
(beginTime == null) && (begin_prev != null) || |
|
815 |
endTime != null && !endTime.equals(end_prev) || |
|
816 |
beginTime != null && !beginTime.equals(begin_prev) || |
|
817 |
ticketCount != ticket_prev ) { |
|
818 |
output.append(outTemp.toString()); |
|
819 |
outTemp = new StringBuffer(); |
|
820 |
principalArr.removeAllElements(); |
|
821 |
output.append(" <" + permType + ">\n"); |
|
822 |
} |
|
823 |
|
|
824 |
// put all principals here for the same |
|
825 |
// permission, duration and ticket_count |
|
826 |
if ( !principalArr.contains(principal) ) { |
|
827 |
principalArr.addElement(principal); |
|
828 |
output.append(" <principal>" + principal + "</principal>\n"); |
|
829 |
} |
|
830 |
|
|
831 |
// prepare <permission> tags, <duration> and <ticketCount> |
|
832 |
// if any to put within <allow> (<deny>) by next cicle |
|
833 |
if ( permission != perm_prev || |
|
834 |
(endTime == null) && (end_prev != null) || |
|
835 |
(beginTime == null) && (begin_prev != null) || |
|
836 |
endTime != null && !endTime.equals(end_prev) || |
|
837 |
beginTime != null && !beginTime.equals(begin_prev) || |
|
838 |
ticketCount != ticket_prev ) { |
|
839 |
if ( (permission & READ) == READ ) { |
|
840 |
outTemp.append(" <permission>read</permission>\n"); |
|
841 |
} |
|
842 |
if ( (permission & WRITE) == WRITE ) { |
|
843 |
outTemp.append(" <permission>write</permission>\n"); |
|
844 |
} |
|
845 |
if ( (permission & ALL) == ALL ) { |
|
846 |
outTemp.append(" <permission>all</permission>\n"); |
|
847 |
} |
|
848 |
if ( (permission & CHMOD) == CHMOD ) { |
|
849 |
outTemp.append(" <permission>chmod</permission>\n"); |
|
850 |
} |
|
851 |
if ( (beginTime != null) || (endTime != null) ) { |
|
852 |
outTemp.append(" <duration>" + beginTime + " " + endTime + |
|
853 |
"</duration>\n"); |
|
854 |
} |
|
855 |
if ( ticketCount > 0 ) { |
|
856 |
outTemp.append(" <ticketCount>" + ticketCount + |
|
857 |
"</ticketCount>\n"); |
|
858 |
} |
|
859 |
outTemp.append(" </" + permType + ">\n"); |
|
860 |
perm_prev = permission; |
|
861 |
ticket_prev = ticketCount; |
|
862 |
begin_prev = beginTime; |
|
863 |
end_prev = endTime; |
|
864 |
} |
|
865 |
|
|
866 |
hasRows = rs.next(); |
|
867 |
} |
|
868 |
|
|
869 |
// close <allow> or <deny> if anything left in outTemp var |
|
870 |
output.append(outTemp.toString()); |
|
871 |
|
|
872 |
// If there are no any acl info for @docid accessible by @user/@group, |
|
873 |
// extract only the following information |
|
874 |
if ( permOrder.equals("") ) { |
|
875 |
output.append(" <resource public=\"" + publicAcc + "\">\n"); |
|
876 |
output.append(" <resourceIdentifier>" + docurl + |
|
877 |
"</resourceIdentifier>\n"); |
|
878 |
} |
|
879 |
|
|
880 |
// always close them |
|
881 |
output.append(" </resource>\n"); |
|
882 |
output.append("</acl>\n"); |
|
883 |
|
|
884 |
pstmt.close(); |
|
885 |
|
|
886 |
return output.toString(); |
|
887 |
|
|
888 |
} catch (SQLException e) { |
|
889 |
throw new |
|
890 |
SQLException("AccessControlList.getACL(). " + e.getMessage()); |
|
891 |
} |
|
892 |
finally |
|
893 |
{ |
|
894 |
try |
|
895 |
{ |
|
896 |
pstmt.close(); |
|
897 |
} |
|
898 |
finally |
|
899 |
{ |
|
900 |
DBConnectionPool.returnDBConnection(conn, serialNumber); |
|
901 |
} |
|
902 |
} |
|
903 |
} |
|
904 |
|
|
905 |
/* Check if @user is owner of @docid from db conn. */ |
|
906 |
private boolean isOwned(String docid, String user) throws SQLException { |
|
907 |
|
|
908 |
PreparedStatement pstmt = null; |
|
909 |
DBConnection conn = null; |
|
910 |
int serialNumber = -1; |
|
911 |
try |
|
912 |
{ |
|
913 |
//check out DBConnection |
|
914 |
conn=DBConnectionPool.getDBConnection("AccessControlList.isOwned"); |
|
915 |
serialNumber=conn.getCheckOutSerialNumber(); |
|
916 |
pstmt = conn.prepareStatement("SELECT 'x' FROM xml_documents " + |
|
917 |
"WHERE docid = ? " + |
|
918 |
"AND user_owner = ?"); |
|
919 |
pstmt.setString(1, docid); |
|
920 |
pstmt.setString(2, user); |
|
921 |
pstmt.execute(); |
|
922 |
ResultSet rs = pstmt.getResultSet(); |
|
923 |
boolean hasRow = rs.next(); |
|
924 |
return hasRow; |
|
925 |
} |
|
926 |
finally |
|
927 |
{ |
|
928 |
try |
|
929 |
{ |
|
930 |
pstmt.close(); |
|
931 |
} |
|
932 |
finally |
|
933 |
{ |
|
934 |
DBConnectionPool.returnDBConnection(conn, serialNumber); |
|
935 |
} |
|
936 |
} |
|
937 |
} |
|
938 |
|
|
939 | 683 |
/* Get the flag for public "read" access for @docid from db conn. */ |
940 | 684 |
private String getPublicAccess(String docid) throws SQLException { |
941 | 685 |
|
Also available in: Unified diff
change AccessControlForSingleFile to only be instantiated for one file. move ACL methods to AccessControlForSingleFile. Change format of access sections returned to EML 2.1.0.