Revision 5115
Added by daigle about 15 years ago
src/edu/ucsb/nceas/metacat/accesscontrol/AccessControlException.java | ||
---|---|---|
31 | 31 |
|
32 | 32 |
|
33 | 33 |
/** |
34 |
* Exception thrown when an error occurs in a configuration administrative |
|
35 |
* class |
|
34 |
* Exception thrown when an error occurs during access control |
|
36 | 35 |
*/ |
37 | 36 |
public class AccessControlException extends BaseException { |
38 |
|
|
39 |
private static final long serialVersionUID = -8436697355629175917L; |
|
40 | 37 |
|
38 |
private static final long serialVersionUID = 6685974477000997612L; |
|
39 |
|
|
41 | 40 |
/** |
42 | 41 |
* Create a new AccessControlException. |
43 | 42 |
* |
src/edu/ucsb/nceas/metacat/accesscontrol/XMLAccessAccess.java | ||
---|---|---|
62 | 62 |
"must be specified when selecting xml_access record"); |
63 | 63 |
} |
64 | 64 |
|
65 |
// first get the job from the db and put it into a DAO
|
|
65 |
// first get the xml access from the db and put it into a DAO list
|
|
66 | 66 |
PreparedStatement pstmt = null; |
67 | 67 |
DBConnection conn = null; |
68 | 68 |
int serialNumber = -1; |
... | ... | |
87 | 87 |
XMLAccessDAO xmlAccessDAO = populateDAO(resultSet); |
88 | 88 |
xmlAccessList.add(xmlAccessDAO); |
89 | 89 |
} |
90 |
|
|
90 |
|
|
91 |
// make sure permission orders do not conflict in the database |
|
91 | 92 |
validateDocXMLAccessList(xmlAccessList); |
92 | 93 |
|
93 | 94 |
return xmlAccessList; |
... | ... | |
128 | 129 |
"must be specified when selecting xml_access record"); |
129 | 130 |
} |
130 | 131 |
|
131 |
// first get the job from the db and put it into a DAO
|
|
132 |
// first get the xml access for this principal from the db and put it into a DAO list
|
|
132 | 133 |
PreparedStatement pstmt = null; |
133 | 134 |
DBConnection conn = null; |
134 | 135 |
int serialNumber = -1; |
... | ... | |
155 | 156 |
xmlAccessList.add(xmlAccessDAO); |
156 | 157 |
} |
157 | 158 |
|
159 |
// make sure permission orders do not conflict in the database |
|
158 | 160 |
validatePrincipalXMLAccessList(xmlAccessList); |
159 | 161 |
|
160 | 162 |
return xmlAccessList; |
... | ... | |
173 | 175 |
} |
174 | 176 |
|
175 | 177 |
/** |
176 |
* Get all xml access for a principal for a certain document |
|
178 |
* Get all xml access for a principal/permType/permOrder for a certain document
|
|
177 | 179 |
* |
178 | 180 |
* @param docId |
179 | 181 |
* the id of the document |
... | ... | |
203 | 205 |
"must be specified when selecting xml_access record"); |
204 | 206 |
} |
205 | 207 |
|
206 |
// first get the job from the db and put it into a DAO
|
|
208 |
// first get the xml access for this principal from the db and put it into a DAO list
|
|
207 | 209 |
PreparedStatement pstmt = null; |
208 | 210 |
DBConnection conn = null; |
209 | 211 |
int serialNumber = -1; |
... | ... | |
590 | 592 |
} |
591 | 593 |
|
592 | 594 |
/** |
593 |
* Delete xml access. This removes all access records from the database for a principal |
|
594 |
* for a given document, perm type and perm order |
|
595 |
* Checks to see if there is a permission order conflict for a given document. Each |
|
596 |
* document is only allowed to have a single permission order |
|
597 |
* |
|
595 | 598 |
* @param docId |
596 | 599 |
* document id |
597 | 600 |
* @param principal |
... | ... | |
644 | 647 |
/** |
645 | 648 |
* Delete xml access. This removes all access records from the database for a principal |
646 | 649 |
* for a given document, perm type and perm order |
650 |
* |
|
647 | 651 |
* @param docId |
648 | 652 |
* document id |
649 | 653 |
* @param principal |
... | ... | |
706 | 710 |
* more than one record exists, delete the existing records, consolidate the |
707 | 711 |
* permissions insert the new record. |
708 | 712 |
* |
709 |
* @param xmlAccessList |
|
710 |
* @throws AccessException |
|
713 |
* @param xmlAccessList the access dao list |
|
711 | 714 |
*/ |
712 | 715 |
private void cleanupXMLAccessForPrincipal(Vector<XMLAccessDAO> xmlAccessList) throws AccessException{ |
713 | 716 |
|
... | ... | |
793 | 796 |
} |
794 | 797 |
|
795 | 798 |
/** |
799 |
* Make sure for a given list of access DAOs that only one perm order |
|
800 |
* exists. It is assumed that all the DAOs are for the same doc |
|
796 | 801 |
* |
797 | 802 |
* @param xmlAccessList |
798 |
* @throws PermOrderException
|
|
803 |
* the access dao list
|
|
799 | 804 |
*/ |
800 | 805 |
private void validateDocXMLAccessList(Vector<XMLAccessDAO> xmlAccessList) throws PermOrderException { |
801 | 806 |
String permOrder = null; |
... | ... | |
812 | 817 |
} |
813 | 818 |
} |
814 | 819 |
|
820 |
/** |
|
821 |
* Check that only one permOrder exists for each principal. |
|
822 |
* TODO add check that one of each permType exists as well |
|
823 |
* |
|
824 |
* @param xmlAccessList |
|
825 |
* the access dao list |
|
826 |
*/ |
|
815 | 827 |
private void validatePrincipalXMLAccessList(Vector<XMLAccessDAO> xmlAccessList) |
816 | 828 |
throws PermOrderException { |
817 | 829 |
|
src/edu/ucsb/nceas/metacat/accesscontrol/AccessControlForSingleFile.java | ||
---|---|---|
65 | 65 |
private Logger logMetacat = Logger.getLogger(AccessControlForSingleFile.class); |
66 | 66 |
|
67 | 67 |
|
68 |
/** |
|
69 |
* Construct an instance of the AccessControlForSingleFile class. |
|
70 |
* @param myAccessNumber the docid or docid with dev will be controlled |
|
71 |
*/ |
|
72 |
public AccessControlForSingleFile(String accessionNumber) throws AccessControlException |
|
73 |
{ |
|
74 |
|
|
75 |
//Get rid of dev if myaccessNumber has one; |
|
76 |
_docId = DocumentUtil.getDocIdFromString(accessionNumber); |
|
77 |
if (_docId == null || _docId.equals("")) |
|
78 |
{ |
|
79 |
throw new AccessControlException("AccessControlForSingleFile() - Accession number " + |
|
80 |
"can't be null in constructor"); |
|
81 |
} |
|
82 |
|
|
83 |
logMetacat.debug("AccessControlForSingleFile() - docid: " + _docId); |
|
68 |
/** |
|
69 |
* Construct an instance of the AccessControlForSingleFile class. This |
|
70 |
* instance will represent one file only. |
|
71 |
* |
|
72 |
* @param myAccessNumber |
|
73 |
* the docid or docid with dev will be controlled |
|
74 |
*/ |
|
75 |
public AccessControlForSingleFile(String accessionNumber) |
|
76 |
throws AccessControlException { |
|
84 | 77 |
|
85 |
} |
|
78 |
// Get rid of dev if myaccessNumber has one; |
|
79 |
_docId = DocumentUtil.getDocIdFromString(accessionNumber); |
|
80 |
if (_docId == null || _docId.equals("")) { |
|
81 |
throw new AccessControlException("AccessControlForSingleFile() - Accession number " |
|
82 |
+ "can't be null in constructor"); |
|
83 |
} |
|
84 |
|
|
85 |
logMetacat.debug("AccessControlForSingleFile() - docid: " + _docId); |
|
86 |
} |
|
86 | 87 |
|
87 | 88 |
/** |
88 | 89 |
* Insert a single access record into the database based on access DAO |
... | ... | |
101 | 102 |
* Insert a single access record into the database. |
102 | 103 |
* |
103 | 104 |
* @param principalName |
105 |
* the principal credentials |
|
104 | 106 |
* @param permission |
107 |
* the permission |
|
105 | 108 |
* @param permType |
109 |
* the permission type |
|
106 | 110 |
* @param permOrder |
107 |
* @throws AccessControlException
|
|
111 |
* the permission order
|
|
108 | 112 |
*/ |
109 | 113 |
public void insertPermissions(String principalName, Long permission, String permType, String permOrder) |
110 | 114 |
throws AccessControlException, PermOrderException { |
... | ... | |
129 | 133 |
* returned by the getdocumentinfo action in metacat. |
130 | 134 |
*/ |
131 | 135 |
public void insertPermissions(String accessBlock) throws AccessControlException { |
132 |
try { |
|
136 |
try { |
|
137 |
// use DocInfoHandler to parse the access section into DAO objects |
|
133 | 138 |
XMLReader parser = null; |
134 | 139 |
DocInfoHandler docInfoHandler = new DocInfoHandler(_docId); |
135 | 140 |
ContentHandler chandler = docInfoHandler; |
... | ... | |
146 | 151 |
parser.parse(new InputSource(new StringReader(accessBlock))); |
147 | 152 |
|
148 | 153 |
XMLAccessAccess xmlAccessAccess = new XMLAccessAccess(); |
149 |
|
|
154 |
|
|
155 |
// replace all access on the document |
|
150 | 156 |
Vector<XMLAccessDAO> accessControlList = docInfoHandler.getAccessControlList(); |
151 | 157 |
xmlAccessAccess.replaceAccess(_docId, accessControlList); |
152 | 158 |
|
... | ... | |
166 | 172 |
} |
167 | 173 |
|
168 | 174 |
/** |
175 |
* Check if access control comination for |
|
176 |
* docid/principal/permission/permorder/permtype already exists. |
|
169 | 177 |
* |
178 |
* @param xmlAccessDAO |
|
179 |
* the dao object holding the access we want to check for. |
|
170 | 180 |
* @return true if the Access Control for this file already exists in the DB |
171 |
* @throws SQLException |
|
172 | 181 |
*/ |
173 | 182 |
public boolean accessControlExists(XMLAccessDAO xmlAccessDAO) throws AccessControlException { |
174 | 183 |
boolean exists = false; |
... | ... | |
223 | 232 |
* or Group should have permissions for reading access control information |
224 | 233 |
* for a document specified by |
225 | 234 |
* |
226 |
* @docid. |
|
227 |
* @param docid |
|
228 |
* document identifier which acl info to get |
|
229 | 235 |
* @param user |
230 | 236 |
* name of user connected to Metacat system |
231 | 237 |
* @param groups |
... | ... | |
237 | 243 |
boolean hasPermission = false; |
238 | 244 |
|
239 | 245 |
try { |
240 |
hasPermission = isOwned(_docId, user);
|
|
246 |
hasPermission = isOwned(user); |
|
241 | 247 |
if (!hasPermission) { |
242 | 248 |
PermissionController controller = new PermissionController(_docId); |
243 | 249 |
hasPermission = |
244 | 250 |
controller.hasPermission(user, groups, READSTRING); |
245 | 251 |
} |
246 | 252 |
|
253 |
// if the user has permissions, get the access dao list for this doc and return |
|
254 |
// it as a string. Otherwise, get the string for an empty access dao list |
|
255 |
// (which will return the access section with no allow or deny sections) |
|
247 | 256 |
if (hasPermission) { |
248 | 257 |
// Get a list of all access dao objects for this docid |
249 | 258 |
XMLAccessAccess xmlAccessAccess = new XMLAccessAccess(); |
... | ... | |
267 | 276 |
} |
268 | 277 |
} |
269 | 278 |
|
279 |
/** |
|
280 |
* Get the access xml for all access on this docid |
|
281 |
* |
|
282 |
* @return string representation of access |
|
283 |
*/ |
|
270 | 284 |
public String getAccessString() throws AccessControlException { |
271 | 285 |
Vector<XMLAccessDAO> xmlAccessDAOList = null; |
272 | 286 |
|
... | ... | |
282 | 296 |
return getAccessString(xmlAccessDAOList); |
283 | 297 |
} |
284 | 298 |
|
299 |
/** |
|
300 |
* Put together an xml representation of the objects in a given access dao list |
|
301 |
* @param xmlAccessDAOList list of xml access DAO objects |
|
302 |
* @return string representation of access |
|
303 |
*/ |
|
285 | 304 |
public String getAccessString(Vector<XMLAccessDAO> xmlAccessDAOList) throws AccessControlException { |
286 | 305 |
|
287 | 306 |
StringBuffer output = new StringBuffer(); |
... | ... | |
304 | 323 |
|
305 | 324 |
output.append(">\n"); |
306 | 325 |
|
307 |
if (xmlAccessDAOList.size() > 0) { |
|
308 |
// Since there should only be one permission order allowed per document, |
|
309 |
// we can just grab the order off of the first xml access dao object |
|
310 |
permOrder = xmlAccessDAOList.get(0).getPermOrder(); |
|
311 |
} |
|
312 |
|
|
313 | 326 |
for (XMLAccessDAO xmlAccessDAO : xmlAccessDAOList) { |
314 | 327 |
principal = xmlAccessDAO.getPrincipalName(); |
315 | 328 |
permission = xmlAccessDAO.getPermission().intValue(); |
... | ... | |
356 | 369 |
return output.toString(); |
357 | 370 |
} |
358 | 371 |
|
359 |
/* Check if @user is owner of @docid from db conn. */ |
|
360 |
private boolean isOwned(String docid, String user) throws SQLException { |
|
372 |
/** |
|
373 |
* check if the docid represented in this class is owned by the user |
|
374 |
* |
|
375 |
* @param user |
|
376 |
* the user credentials |
|
377 |
* @return true if doc is owned by user, false otherwise |
|
378 |
*/ |
|
379 |
private boolean isOwned(String user) throws SQLException { |
|
361 | 380 |
PreparedStatement pstmt = null; |
362 | 381 |
DBConnection conn = null; |
363 | 382 |
int serialNumber = -1; |
... | ... | |
367 | 386 |
serialNumber = conn.getCheckOutSerialNumber(); |
368 | 387 |
pstmt = conn.prepareStatement("SELECT 'x' FROM xml_documents " |
369 | 388 |
+ "WHERE docid = ? " + "AND user_owner = ?"); |
370 |
pstmt.setString(1, docid);
|
|
389 |
pstmt.setString(1, _docId);
|
|
371 | 390 |
pstmt.setString(2, user); |
372 | 391 |
pstmt.execute(); |
373 | 392 |
ResultSet rs = pstmt.getResultSet(); |
src/edu/ucsb/nceas/metacat/accesscontrol/PermOrderException.java | ||
---|---|---|
1 | 1 |
/** |
2 | 2 |
* '$RCSfile$' |
3 |
* Purpose: An Exception thrown when an error occurs because an
|
|
4 |
* AccessionNumber was invalid or used incorrectly
|
|
5 |
* Copyright: 2008 Regents of the University of California and the
|
|
3 |
* Purpose: An Exception thrown when an error occurs because of a
|
|
4 |
* permission order conflict
|
|
5 |
* Copyright: 2009 Regents of the University of California and the
|
|
6 | 6 |
* National Center for Ecological Analysis and Synthesis |
7 | 7 |
* Authors: Michael Daigle |
8 | 8 |
* |
... | ... | |
31 | 31 |
|
32 | 32 |
|
33 | 33 |
/** |
34 |
* Exception thrown when an error occurs in a configuration administrative |
|
35 |
* class |
|
34 |
* Exception thrown when an error occurs with a permission order |
|
36 | 35 |
*/ |
37 | 36 |
public class PermOrderException extends BaseException { |
38 | 37 |
|
Also available in: Unified diff
Format and add comments.