
Revision 5099

Added by daigle about 15 years ago

Change access section in getaccesscontrol and getdocumentinfo apis to be more eml 2.1.0 compliant. Add a block access option to setaccess api.


lib/style/skins/sanparks/workflowAccess.xsl
50 50
				<div class="col permissions_col">Permission</div>
51 51
			</div>
52 52
			<xsl:choose>
53
			<xsl:when test="acl/resource/@order = 'allowFirst'">
54
				<xsl:for-each select="acl/resource/*/principal">
53
			<xsl:when test="/access/@order = 'denyFirst'">
54
				<xsl:for-each select="/access/allow | /acc:access/deny">
55 55
					<div>
56 56
						<xsl:attribute name="class">
57 57
							<xsl:choose>
......
59 59
								<xsl:when test="position() mod 2 = 0">row row-even</xsl:when>
60 60
							</xsl:choose>
61 61
						</xsl:attribute>
62
						<div class="col access_order_col">allowFirst</div>
62
						<div class="col access_order_col">
63
							<xsl:value-of select="../@order" />
64
						</div>
63 65
						<div class="col access_type_col">
64 66
							<xsl:value-of select="local-name(../)" />
65 67
						</div>
66 68
						<div class="col principal_col">
67
							<xsl:value-of select="."/>
69
							<xsl:value-of select="./principal"/>
68 70
						</div>	
69 71
						<div class="col permissions_col">
70
							<xsl:for-each select="../permission">
72
							<xsl:for-each select="./permission">
71 73
								<div class="permission_element">
72 74
									<xsl:if test=". != 'all'">
73 75
										<xsl:value-of select="."/>
......
79 81
				</xsl:for-each>			
80 82
			</xsl:when>
81 83

  
82
			<xsl:when test="acl/resource/@order = 'denyFirst'">
84
			<xsl:when test="acl/resource/@order = 'allowFirst'">
83 85
				<xsl:for-each select="acl/resource/*/principal">
84 86
					<div>
85 87
						<xsl:attribute name="class">
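Review bot: Inside the new `xsl:for-each select="/access/allow | /acc:access/deny"` the context node is the `allow` or `deny` element, so the unchanged `local-name(../)` in the access-type column now names the parent instead of the rule type. `<xsl:value-of select="local-name(.)" />` looks like what is intended, and the trailing `/` in `../` is not a valid XPath step in any case. The two halves of the union disagree on the `acc:` prefix, so one of them probably matches nothing for a given document, which would hide either the allow or the deny rules from this page. The second `xsl:when` still tests `acl/resource/@order` and iterates `acl/resource/*/principal`; its body continues outside the hunk, so confirm that it still renders against the new access output.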
lib/style/skins/sanparks/sanparks.css
906 906

  
907 907
.access_order_col {
908 908
	width: 95px;
909
//	margin-left: 10px;
910
//	display: inline;
911
//	float: left;
909
	font-size: 14px;
912 910
}
913 911
.access_type_col {
914 912
	width: 85px;
915
//	margin-left: 10px;
916
//	display: inline;
917
//	float: left;
913
	font-size: 14px;
914

  
918 915
}
919 916

  
920 917
.principal_col {
921 918
	width: 400px;
922
//	margin-left: 10px;
923
//	display: inline;
924
//	float: left;
919
	font-size: 14px;
925 920
}
926 921

  
927 922
.permissions_col {	
928 923
	width: 234px;
929
//	margin-left: 10px;
930
//	display: inline;
931 924
}
932 925

  
933 926
.permission_element {	
src/edu/ucsb/nceas/metacat/accesscontrol/XMLAccessAccess.java
536 536
	 * @param docId
537 537
	 *            document id
538 538
	 */
539
	private void deleteXMLAccessForDoc(String docId) throws AccessException {
539
	public void deleteXMLAccessForDoc(String docId) throws AccessException {
540 540
		if (docId == null) {
541 541
			throw new AccessException("XMLAccessAccess.deleteXMLAccessForPrincipal - docid is required when " + 
542 542
					"deleting XML access record");
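Review bot: Judging by its name and its new use in `insertPermissions`, `deleteXMLAccessForDoc` removes every access record for a document, and making it `public` exposes that to any class while the Javadoc says nothing about who may call it. The only new caller visible in this commit, `AccessControlForSingleFile`, lives in the same `accesscontrol` package, so package-private visibility (`void deleteXMLAccessForDoc(String docId) throws AccessException`) would be enough. If it stays public, add a Javadoc line such as `Deletes all access rules for the document; callers must first verify that the requester may change its access.` The exception text on the next line still names `deleteXMLAccessForPrincipal`, which will mislead anyone reading the logs. The method body continues outside the hunk.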
src/edu/ucsb/nceas/metacat/accesscontrol/XMLAccessDAO.java
93 93
	}
94 94
	
95 95
	public void setPermission(Long permission) {
96
		if (_permission == null) {
97
			_permission = new Long(0);
98
		}
96 99
		_permission = permission;
97 100
	}
98 101
	
102
	public void addPermission(Long permission) {
103
		if (_permission != null) {
104
			_permission &= permission;
105
		} else {
106
			_permission = permission;
107
		}
108
	}
109
	
99 110
	public String getPermType() {
100 111
		return _permType;
101 112
	}
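Review bot: `addPermission` combines masks with `_permission &= permission;`, which keeps only the bits the two values share. If the permission values are distinct bit flags, as the "bitwise OR" comment in `AccessControlForSingleFile` suggests, two `<permission>` elements in one rule collapse to a narrower mask (possibly 0), and the stored rule no longer matches what was submitted; `_permission |= permission;` accumulates them instead. A null argument also fails on unboxing in that line, so guard it or take a primitive `long`. In `setPermission`, the added `if (_permission == null) { _permission = new Long(0); }` is overwritten by the very next statement and can be dropped.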
src/edu/ucsb/nceas/metacat/accesscontrol/AccessControlForSingleFile.java
43 43
import org.xml.sax.helpers.XMLReaderFactory;
44 44

  
45 45
import edu.ucsb.nceas.metacat.DocInfoHandler;
46
import edu.ucsb.nceas.metacat.DocumentImpl;
47 46
import edu.ucsb.nceas.metacat.McdbException;
48 47
import edu.ucsb.nceas.metacat.PermissionController;
49 48
import edu.ucsb.nceas.metacat.database.DBConnection;
......
62 61
public class AccessControlForSingleFile implements AccessControlInterface 
63 62
{
64 63

  
65
  private String docId;
64
  private String _docId;
66 65
  private Logger logMetacat = Logger.getLogger(AccessControlForSingleFile.class);
67 66

  
68 67
 
......
73 72
  public AccessControlForSingleFile(String accessionNumber) throws AccessControlException
74 73
  {
75 74
      //Get rid of dev if myaccessNumber has one;
76
      docId = DocumentUtil.getDocIdFromString(accessionNumber);
77
      if (docId == null || docId.equals(""))
75
	  _docId = DocumentUtil.getDocIdFromString(accessionNumber);
76
      if (_docId == null || _docId.equals(""))
78 77
      {
79 78
        throw new AccessControlException("AccessControlForSingleFile() - Accession number " + 
80 79
        		"can't be null in constructor");
81 80
      }
82 81
      
83
      logMetacat.debug("AccessControlForSingleFile() - docid: " + docId);
82
      logMetacat.debug("AccessControlForSingleFile() - docid: " + _docId);
84 83

  
85 84
  }
86 85
  
......
111 110
			// It will bitwise OR to permissions if the principal already has a record for this
112 111
			// doc id.
113 112
			XMLAccessAccess xmlAccessAccess = new XMLAccessAccess();
114
			xmlAccessAccess.addXMLAccess(docId, principalName, new Long(permission), permType, permOrder);
113
			xmlAccessAccess.addXMLAccess(_docId, principalName, new Long(permission), permType, permOrder);
115 114
		} catch (AccessException ae) {
116 115
			throw new AccessControlException("AccessControlForSingleFile.insertPermissions - "
117 116
					+ "DB access error when inserting permissions: " + ae.getMessage());
......
129 128
	public void insertPermissions(String accessBlock) throws AccessControlException {
130 129
		try {			
131 130
			XMLReader parser = null;
132
			DocInfoHandler docInfoHandler = new DocInfoHandler();
131
			DocInfoHandler docInfoHandler = new DocInfoHandler(_docId);
133 132
			ContentHandler chandler = docInfoHandler;
134 133

  
135 134
			// Get an instance of the parser
......
143 142

  
144 143
			parser.parse(new InputSource(new StringReader(accessBlock)));
145 144
			
145
			XMLAccessAccess xmlAccessAccess = new XMLAccessAccess();
146
			xmlAccessAccess.deleteXMLAccessForDoc(_docId);			
147
			
146 148
	        Vector<XMLAccessDAO> accessControlList = docInfoHandler.getAccessControlList();
147 149
	        if (accessControlList != null) {
148 150
	        	for (XMLAccessDAO xmlAccessDAO : accessControlList) {
149 151
        			insertPermissions(xmlAccessDAO);
150
					logMetacat.debug("AccessControlForSingleFile.insertPermissions - document " + docId
152
					logMetacat.debug("AccessControlForSingleFile.insertPermissions - document " + _docId
151 153
							+ " permissions added to DB");
152 154
	            }
153 155
	        }
154 156
		} catch (PropertyNotFoundException pnfe) {
155 157
			throw new AccessControlException("AccessControlForSingleFile.insertPermissions - "
156
					+ "property error when inserting permissions: " + pnfe.getMessage());
158
					+ "property error when replacing permissions: " + pnfe.getMessage());
159
		} catch (AccessException ae) {
160
			throw new AccessControlException("AccessControlForSingleFile.insertPermissions - "
161
					+ "DB access error when replacing permissions: " + ae.getMessage());
157 162
		} catch (SAXException se) {
158 163
			throw new AccessControlException("AccessControlForSingleFile.insertPermissions - "
159
					+ "SAX error when inserting permissions: " + se.getMessage());
164
					+ "SAX error when replacing permissions: " + se.getMessage());
160 165
		} catch(IOException ioe) {
161 166
			throw new AccessControlException("AccessControlForSingleFile.insertPermissions - "
162
					+ "I/O error when inserting permissions: " + ioe.getMessage());
167
					+ "I/O error when replacing permissions: " + ioe.getMessage());
163 168
		}
164 169
	}
165 170
  
......
187 192
				"AND perm_order =? ");
188 193
     
189 194
			// Bind the values to the query
190
			pstmt.setString(1, docId);
195
			pstmt.setString(1, _docId);
191 196
			pstmt.setString(2, xmlAccessDAO.getPrincipalName());
192 197
			pstmt.setLong(3, xmlAccessDAO.getPermission());
193 198
			pstmt.setString(4, xmlAccessDAO.getPermType());
......
229 234
	 * @param groups
230 235
	 *            names of user's groups to which user belongs
231 236
	 */
232
	public String getACL(String user, String[] groups, boolean emlCompliant)
237
	public String getACL(String user, String[] groups)
233 238
			throws AccessControlException {
234 239
		StringBuffer output = new StringBuffer();
235 240
		boolean hasPermission = false;
236 241

  
237
		try {
238
			// Get a list of all access dao objects for this docid
239
			XMLAccessAccess xmlAccessAccess = new XMLAccessAccess();
240
			Vector<XMLAccessDAO> xmlAccessDAOList = xmlAccessAccess.getXMLAccessForDoc(docId);
241
    
242
			hasPermission = isOwned(docId, user);
242
		try {   
243
			hasPermission = isOwned(_docId, user);
243 244
			if (!hasPermission) {
244
				PermissionController controller = new PermissionController(docId);
245
				PermissionController controller = new PermissionController(_docId);
245 246
				hasPermission = 
246 247
					controller.hasPermission(user, groups, READSTRING);
247 248
			}
248 249

  
249 250
			if (hasPermission) {
250
				output.append(getAccessString(xmlAccessDAOList, emlCompliant));
251
				// Get a list of all access dao objects for this docid
252
				XMLAccessAccess xmlAccessAccess = new XMLAccessAccess();
253
				Vector<XMLAccessDAO> xmlAccessDAOList = xmlAccessAccess.getXMLAccessForDoc(_docId);
254
				output.append(getAccessString(xmlAccessDAOList));
255
			} else {
256
				output.append(getAccessString(new Vector<XMLAccessDAO>()));
251 257
			}
252 258

  
253 259
			return output.toString();
......
270 276
		try {
271 277
			// Get a list of all access dao objects for this docid
272 278
			XMLAccessAccess xmlAccessAccess = new XMLAccessAccess();
273
			xmlAccessDAOList = xmlAccessAccess.getXMLAccessForDoc(docId);
279
			xmlAccessDAOList = xmlAccessAccess.getXMLAccessForDoc(_docId);
274 280
		} catch (AccessException ae) {
275 281
				throw new AccessControlException("AccessControlForSingleFile.getAccessString() - DB access error when " + 
276 282
						"getting access string: " + ae.getMessage());
277 283
		} 
278 284
		
279
		return getAccessString(xmlAccessDAOList, false);
285
		return getAccessString(xmlAccessDAOList);
280 286
	}
281 287
	
282
	public String getAccessString(Vector<XMLAccessDAO> xmlAccessDAOList, boolean emlCompliant) throws AccessControlException {
288
	public String getAccessString(Vector<XMLAccessDAO> xmlAccessDAOList) throws AccessControlException {
283 289
			
284 290
		StringBuffer output = new StringBuffer();
285 291
		StringBuffer tmpOutput = new StringBuffer();
......
296 302
		if (xmlAccessDAOList.size() > 0) {
297 303
			permOrder = xmlAccessDAOList.get(0).getPermOrder();
298 304
		}
299
		
300
		if (emlCompliant) {
301
			output.append("<?xml version=\"1.0\"?>\n<acc:access");
302
		} else {
303
			output.append("<access ");
304
		}
305 305

  
306
		output.append(" authSystem=\"knb\" order=\"" + permOrder + "\" id=\"" + docId + "\" scope=\"document\"");
307
	
308
		if (emlCompliant) {
309
			output.append(" xmlns:acc=\"" + DocumentImpl.EML2_1_0NAMESPACE + "\"");
310
		}
306
		output.append("<access authSystem=\"knb\" order=\"" + permOrder + "\" id=\"" + _docId + "\" scope=\"document\"");
311 307
		
312 308
		output.append(">\n");
313 309
		
......
358 354
			output.append(allowOutput);
359 355
		}
360 356
		
361
		if (emlCompliant) {
362
			output.append("</acc:access>");
363
		} else {
364
			output.append("</access>");
365
		}
357
		output.append("</access>");
366 358
					
367 359
		return output.toString();
368 360
	}
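Review bot: `insertPermissions(String accessBlock)` now calls `deleteXMLAccessForDoc(_docId)` and then inserts the parsed rules one by one, with nothing visible here that makes the two steps atomic. If an insert throws part-way, or the handler returns an empty list for a block it did not recognise, the document is left with a partial or empty rule set. Run the delete and the inserts in one database transaction, and consider rejecting an empty parsed list before deleting unless clearing the rules is an intended use of `setaccess`. The parser setup between the hunks is not shown; since `accessBlock` arrives as a request parameter, confirm that DTDs and external entities are disabled there. The method name and the `AccessControlForSingleFile.insertPermissions - ` message prefix still say "insert" although the behaviour is now "replace".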
src/edu/ucsb/nceas/metacat/MetaCatServlet.java
2725 2725
        
2726 2726
        try {
2727 2727
        	AccessControlForSingleFile acfsf = new AccessControlForSingleFile(docid);
2728
            String acltext = acfsf.getACL(username, groupnames, true);
2728
            String acltext = acfsf.getACL(username, groupnames);
2729 2729
            if (qformat.equals("xml")) {
2730 2730
                response.setContentType("text/xml");
2731 2731
            	out.println(acltext);
......
3525 3525
        
3526 3526
        if(accessBlock != null) {
3527 3527
        	if (docList == null) {
3528
        		errorList.addElement("MetaCatServlet.handleSetAccessAction - Please check your parameter list, it should look like: "
3528
        		errorList.addElement("MetaCatServlet.handleSetAccessAction - Doc id missing.  Please check your parameter list, it should look like: "
3529 3529
                    + "?action=setaccess&docid=<doc_id>&accessBlock=<access_section>");
3530 3530
                outputResponse(successList, errorList, out);
3531 3531
                return;
......
3535 3535
	            AccessControlForSingleFile accessControl = 
3536 3536
	            	new AccessControlForSingleFile(docList[0]);
3537 3537
	            accessControl.insertPermissions(accessBlock[0]);
3538
	            successList.addElement("MetaCatServlet.handleSetAccessAction - successfully replaced access block for doc id: " + docList[0]);
3538 3539
        	} catch(AccessControlException ace) {
3539 3540
        		errorList.addElement("MetaCatServlet.handleSetAccessAction - access control error when setting " + 
3540 3541
        			"access block: " + ace.getMessage());
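Review bot: No permission check on the requester is visible between the `docList == null` test and `accessControl.insertPermissions(accessBlock[0])`, and that call now replaces the whole access rule set for the document. `handleSetAccessAction` starts and ends outside these hunks, so confirm that the caller's right to change access on `docList[0]` is verified before this point; if it is not, add that check ahead of the call. Only `docList[0]` and `accessBlock[0]` are used, so additional `docid` values are silently ignored; either reject them or say so in the usage message.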
src/edu/ucsb/nceas/metacat/PermissionController.java
548 548
        pStmt.close();
549 549

  
550 550
        throw new
551
        SQLException("PermissionControl.hasPermission(). " +
551
        SQLException("PermissionControl.hasPermission - " +
552 552
                     "Error checking ownership for " + principals[0] +
553 553
                     " on document #" + docId + ". " + e.getMessage());
554 554
    }//catch
......
658 658
    //if reach here, means there is no permssion record for given names and
659 659
    //docid. So throw a exception.
660 660

  
661
    throw new Exception("There is no permission record for user"+principals[0]+
662
                        "at document "+docId);
661
    throw new Exception("PermissionController.isAllowFirst - There is no permission record for user "+ principals[0] + 
662
                        " at document " + docId);
663 663

  
664 664
  }//isAllowFirst
665 665

  
src/edu/ucsb/nceas/metacat/DocInfoHandler.java
33 33
import org.xml.sax.SAXException;
34 34
import org.xml.sax.helpers.DefaultHandler;
35 35

  
36
import edu.ucsb.nceas.metacat.accesscontrol.AccessControlInterface;
36 37
import edu.ucsb.nceas.metacat.accesscontrol.AccessControlList;
37 38
import edu.ucsb.nceas.metacat.accesscontrol.XMLAccessDAO;
38 39

  
39 40
/** 
40
 * A Class implementing callback bethods for the SAX parser to
41
 * A Class implementing callback methods for the SAX parser to
41 42
 * call when processing the XML messages from the replication handler
42 43
 */
43
public class DocInfoHandler extends DefaultHandler 
44
{
45
  private Hashtable<String,String> docinfo = new Hashtable<String,String>();
46
  private String currentTag = null;
44
public class DocInfoHandler extends DefaultHandler {
45
	
46
	private Hashtable<String, String> _docinfo = new Hashtable<String, String>();
47
	private String _currentTag = null;
48
	private XMLAccessDAO _currentAccessDAO = null;
49
	private String _accessPermOrder;
50
	private String _docId;
47 51
  
48
  private Vector<XMLAccessDAO> xmlAccessDAOList = new Vector<XMLAccessDAO>();
52
	private Vector<XMLAccessDAO> xmlAccessDAOList = new Vector<XMLAccessDAO>();
49 53
  
50
  public DocInfoHandler()
51
  {
52
  }
54
	public DocInfoHandler() {
55
	}
56

  
57
	public DocInfoHandler(String docId) {
58
		_docId = docId;
59
	}
53 60
  
54
  /**
55
   *  capture the name of the tag.
56
   */
57
  public void startElement(String uri, String localName, String qName, 
58
                           Attributes attributes) throws SAXException
59
  {
60
    currentTag = localName;
61
  }
61
   /**
62
	 * capture the name of the tag.
63
	 */
64
	public void startElement(String uri, String localName, String qName,
65
			Attributes attributes) throws SAXException {
66
		_currentTag = localName;
67
		if (_currentTag.equals("access")) {
68
			if (_accessPermOrder == null) {
69
				_accessPermOrder = attributes.getValue("order");			
70
			}
71
			_currentAccessDAO = new XMLAccessDAO();
72
			_currentAccessDAO.setDocId(_docId);
73
			_currentAccessDAO.setPermOrder(_accessPermOrder);
74
		}
75
	}
62 76

  
63
  public void endElement (String uri, String localName, String qName)
64
	throws SAXException
65
  {
66
	  if (localName.equals("access")) {
67
		  //harvest the latest values from the Map
68
		  String docid = (String) docinfo.get("docid");
69
		  String principal = (String) docinfo.get("principal");
70
          String permission = (String) docinfo.get("permission");
71
          String permType = (String) docinfo.get("permType");
72
          String permOrder = (String) docinfo.get("permOrder");
73
          XMLAccessDAO xmlAccessDAO = null;
74
		try {
75
			xmlAccessDAO = new XMLAccessDAO();
76
			xmlAccessDAO.setDocId(docid);
77
			xmlAccessDAO.setPrincipalName(principal);
78
			xmlAccessDAO.setPermission(new Long(AccessControlList.intValue(permission)));
79
			xmlAccessDAO.setPermType(permType);
80
			xmlAccessDAO.setPermOrder(permOrder);
81
			
82
		} catch (Exception e) {
83
			// TODO Auto-generated catch block
84
			e.printStackTrace();
85
		}	
86
		xmlAccessDAOList.add(xmlAccessDAO);
87
	  }
88
  }
77
	public void endElement(String uri, String localName, String qName)
78
			throws SAXException {
79
		if (localName.equals("access")) {			
80
			if (_currentAccessDAO != null) {
81
				xmlAccessDAOList.add(_currentAccessDAO);
82
			}			
83
			_currentAccessDAO = null;
84
		} else if (qName.equals(AccessControlInterface.ALLOW)) {
85
			if (_currentAccessDAO != null) {
86
				_currentAccessDAO.setPermType(AccessControlInterface.ALLOW);
87
			}
88
		} else if (qName.equals(AccessControlInterface.DENY)) {
89
			if (_currentAccessDAO != null) {
90
				_currentAccessDAO.setPermType(AccessControlInterface.DENY);
91
			}
92
		}
93
	}
89 94
  
90 95
  /**
91
   * put the content and the name of the tag into the hashtable.  the name of
92
   * the tag is the key.
93
   */
96
	 * put the content and the name of the tag into the hashtable. the name of
97
	 * the tag is the key.
98
	 */
94 99
  public void characters(char[] ch, int start, int length) throws SAXException
95 100
  {
96
    docinfo.put(currentTag, new String(ch, start, length));
101
    _docinfo.put(_currentTag, new String(ch, start, length));
102
    	
103
    if (_currentTag.equals(AccessControlInterface.PRINCIPAL)) {
104
		if (_currentAccessDAO != null) {
105
			_currentAccessDAO.setPrincipalName(new String(ch, start, length));
106
		}
107
	} else if (_currentTag.equals(AccessControlInterface.PERMISSION)) {
108
		if (_currentAccessDAO != null) {
109
			String permString = new String(ch, start, length);
110
			Long permLong = Long.valueOf(AccessControlList.intValue(permString));
111
			_currentAccessDAO.addPermission(permLong);
112
		}
113
	}
97 114
  }
98 115
  
99 116
  public Hashtable<String,String> getDocInfo()
100 117
  {
101
    return docinfo;
118
    return _docinfo;
102 119
  }
103 120
  
104 121
  public Vector<XMLAccessDAO> getAccessControlList() {
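Review bot: The handler builds one `XMLAccessDAO` per `<access>` element (created in `startElement`, added in `endElement`), while `allow`/`deny` only overwrite `permType` and each `principal` overwrites the previous name. An access block with several rules is therefore stored as a single record carrying the last principal and the last rule type, and a deny rule can disappear this way. `_currentTag` is also never cleared, so the whitespace after `</principal>` or `</permission>` reaches `characters()` as if it were that tag's text, replacing the principal name or being passed to `AccessControlList.intValue`. Creating the record per rule and clearing the tag in `endElement`, as sketched below, addresses both, though a rule listing several principals would still need one record per principal and `characters()` should accumulate text because SAX may deliver a node in pieces. The code also matches `allow`/`deny` on `qName` but everything else on `localName`; use one consistently so prefixed input is handled the same way.

```java
	public void startElement(String uri, String localName, String qName,
			Attributes attributes) throws SAXException {
		_currentTag = localName;
		if (localName.equals("access")) {
			// … unchanged: capture the order attribute once …
		} else if (localName.equals(AccessControlInterface.ALLOW)
				|| localName.equals(AccessControlInterface.DENY)) {
			// one record per rule, so a later rule cannot overwrite an earlier one
			_currentAccessDAO = new XMLAccessDAO();
			_currentAccessDAO.setDocId(_docId);
			_currentAccessDAO.setPermOrder(_accessPermOrder);
			_currentAccessDAO.setPermType(localName);
		}
	}

	public void endElement(String uri, String localName, String qName)
			throws SAXException {
		if (_currentAccessDAO != null
				&& (localName.equals(AccessControlInterface.ALLOW)
						|| localName.equals(AccessControlInterface.DENY))) {
			xmlAccessDAOList.add(_currentAccessDAO);
			_currentAccessDAO = null;
		}
		// text after a closing tag is inter-element whitespace, not that tag's value
		_currentTag = "";
	}
```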
