Revision 5115
Added by daigle over 14 years ago
| src/edu/ucsb/nceas/metacat/accesscontrol/AccessControlException.java | ||
|---|---|---|
| 31 | 31 |
|
| 32 | 32 |
|
| 33 | 33 |
/** |
| 34 |
* Exception thrown when an error occurs in a configuration administrative |
|
| 35 |
* class |
|
| 34 |
* Exception thrown when an error occurs during access control |
|
| 36 | 35 |
*/ |
| 37 | 36 |
public class AccessControlException extends BaseException {
|
| 38 |
|
|
| 39 |
private static final long serialVersionUID = -8436697355629175917L; |
|
| 40 | 37 |
|
| 38 |
private static final long serialVersionUID = 6685974477000997612L; |
|
| 39 |
|
|
| 41 | 40 |
/** |
| 42 | 41 |
* Create a new AccessControlException. |
| 43 | 42 |
* |
| src/edu/ucsb/nceas/metacat/accesscontrol/XMLAccessAccess.java | ||
|---|---|---|
| 62 | 62 |
"must be specified when selecting xml_access record"); |
| 63 | 63 |
} |
| 64 | 64 |
|
| 65 |
// first get the job from the db and put it into a DAO
|
|
| 65 |
// first get the xml access from the db and put it into a DAO list
|
|
| 66 | 66 |
PreparedStatement pstmt = null; |
| 67 | 67 |
DBConnection conn = null; |
| 68 | 68 |
int serialNumber = -1; |
| ... | ... | |
| 87 | 87 |
XMLAccessDAO xmlAccessDAO = populateDAO(resultSet); |
| 88 | 88 |
xmlAccessList.add(xmlAccessDAO); |
| 89 | 89 |
} |
| 90 |
|
|
| 90 |
|
|
| 91 |
// make sure permission orders do not conflict in the database |
|
| 91 | 92 |
validateDocXMLAccessList(xmlAccessList); |
| 92 | 93 |
|
| 93 | 94 |
return xmlAccessList; |
| ... | ... | |
| 128 | 129 |
"must be specified when selecting xml_access record"); |
| 129 | 130 |
} |
| 130 | 131 |
|
| 131 |
// first get the job from the db and put it into a DAO
|
|
| 132 |
// first get the xml access for this principal from the db and put it into a DAO list
|
|
| 132 | 133 |
PreparedStatement pstmt = null; |
| 133 | 134 |
DBConnection conn = null; |
| 134 | 135 |
int serialNumber = -1; |
| ... | ... | |
| 155 | 156 |
xmlAccessList.add(xmlAccessDAO); |
| 156 | 157 |
} |
| 157 | 158 |
|
| 159 |
// make sure permission orders do not conflict in the database |
|
| 158 | 160 |
validatePrincipalXMLAccessList(xmlAccessList); |
| 159 | 161 |
|
| 160 | 162 |
return xmlAccessList; |
| ... | ... | |
| 173 | 175 |
} |
| 174 | 176 |
|
| 175 | 177 |
/** |
| 176 |
* Get all xml access for a principal for a certain document |
|
| 178 |
* Get all xml access for a principal/permType/permOrder for a certain document
|
|
| 177 | 179 |
* |
| 178 | 180 |
* @param docId |
| 179 | 181 |
* the id of the document |
| ... | ... | |
| 203 | 205 |
"must be specified when selecting xml_access record"); |
| 204 | 206 |
} |
| 205 | 207 |
|
| 206 |
// first get the job from the db and put it into a DAO
|
|
| 208 |
// first get the xml access for this principal from the db and put it into a DAO list
|
|
| 207 | 209 |
PreparedStatement pstmt = null; |
| 208 | 210 |
DBConnection conn = null; |
| 209 | 211 |
int serialNumber = -1; |
| ... | ... | |
| 590 | 592 |
} |
| 591 | 593 |
|
| 592 | 594 |
/** |
| 593 |
* Delete xml access. This removes all access records from the database for a principal |
|
| 594 |
* for a given document, perm type and perm order |
|
| 595 |
* Checks to see if there is a permission order conflict for a given document. Each |
|
| 596 |
* document is only allowed to have a single permission order |
|
| 597 |
* |
|
| 595 | 598 |
* @param docId |
| 596 | 599 |
* document id |
| 597 | 600 |
* @param principal |
| ... | ... | |
| 644 | 647 |
/** |
| 645 | 648 |
* Delete xml access. This removes all access records from the database for a principal |
| 646 | 649 |
* for a given document, perm type and perm order |
| 650 |
* |
|
| 647 | 651 |
* @param docId |
| 648 | 652 |
* document id |
| 649 | 653 |
* @param principal |
| ... | ... | |
| 706 | 710 |
* more than one record exists, delete the existing records, consolidate the |
| 707 | 711 |
* permissions insert the new record. |
| 708 | 712 |
* |
| 709 |
* @param xmlAccessList |
|
| 710 |
* @throws AccessException |
|
| 713 |
* @param xmlAccessList the access dao list |
|
| 711 | 714 |
*/ |
| 712 | 715 |
private void cleanupXMLAccessForPrincipal(Vector<XMLAccessDAO> xmlAccessList) throws AccessException{
|
| 713 | 716 |
|
| ... | ... | |
| 793 | 796 |
} |
| 794 | 797 |
|
| 795 | 798 |
/** |
| 799 |
* Make sure for a given list of access DAOs that only one perm order |
|
| 800 |
* exists. It is assumed that all the DAOs are for the same doc |
|
| 796 | 801 |
* |
| 797 | 802 |
* @param xmlAccessList |
| 798 |
* @throws PermOrderException
|
|
| 803 |
* the access dao list
|
|
| 799 | 804 |
*/ |
| 800 | 805 |
private void validateDocXMLAccessList(Vector<XMLAccessDAO> xmlAccessList) throws PermOrderException {
|
| 801 | 806 |
String permOrder = null; |
| ... | ... | |
| 812 | 817 |
} |
| 813 | 818 |
} |
| 814 | 819 |
|
| 820 |
/** |
|
| 821 |
* Check that only one permOrder exists for each principal. |
|
| 822 |
* TODO add check that one of each permType exists as well |
|
| 823 |
* |
|
| 824 |
* @param xmlAccessList |
|
| 825 |
* the access dao list |
|
| 826 |
*/ |
|
| 815 | 827 |
private void validatePrincipalXMLAccessList(Vector<XMLAccessDAO> xmlAccessList) |
| 816 | 828 |
throws PermOrderException {
|
| 817 | 829 |
|
| src/edu/ucsb/nceas/metacat/accesscontrol/AccessControlForSingleFile.java | ||
|---|---|---|
| 65 | 65 |
private Logger logMetacat = Logger.getLogger(AccessControlForSingleFile.class); |
| 66 | 66 |
|
| 67 | 67 |
|
| 68 |
/** |
|
| 69 |
* Construct an instance of the AccessControlForSingleFile class. |
|
| 70 |
* @param myAccessNumber the docid or docid with dev will be controlled |
|
| 71 |
*/ |
|
| 72 |
public AccessControlForSingleFile(String accessionNumber) throws AccessControlException |
|
| 73 |
{
|
|
| 74 |
|
|
| 75 |
//Get rid of dev if myaccessNumber has one; |
|
| 76 |
_docId = DocumentUtil.getDocIdFromString(accessionNumber); |
|
| 77 |
if (_docId == null || _docId.equals(""))
|
|
| 78 |
{
|
|
| 79 |
throw new AccessControlException("AccessControlForSingleFile() - Accession number " +
|
|
| 80 |
"can't be null in constructor"); |
|
| 81 |
} |
|
| 82 |
|
|
| 83 |
logMetacat.debug("AccessControlForSingleFile() - docid: " + _docId);
|
|
| 68 |
/** |
|
| 69 |
* Construct an instance of the AccessControlForSingleFile class. This |
|
| 70 |
* instance will represent one file only. |
|
| 71 |
* |
|
| 72 |
* @param myAccessNumber |
|
| 73 |
* the docid or docid with dev will be controlled |
|
| 74 |
*/ |
|
| 75 |
public AccessControlForSingleFile(String accessionNumber) |
|
| 76 |
throws AccessControlException {
|
|
| 84 | 77 |
|
| 85 |
} |
|
| 78 |
// Get rid of dev if myaccessNumber has one; |
|
| 79 |
_docId = DocumentUtil.getDocIdFromString(accessionNumber); |
|
| 80 |
if (_docId == null || _docId.equals("")) {
|
|
| 81 |
throw new AccessControlException("AccessControlForSingleFile() - Accession number "
|
|
| 82 |
+ "can't be null in constructor"); |
|
| 83 |
} |
|
| 84 |
|
|
| 85 |
logMetacat.debug("AccessControlForSingleFile() - docid: " + _docId);
|
|
| 86 |
} |
|
| 86 | 87 |
|
| 87 | 88 |
/** |
| 88 | 89 |
* Insert a single access record into the database based on access DAO |
| ... | ... | |
| 101 | 102 |
* Insert a single access record into the database. |
| 102 | 103 |
* |
| 103 | 104 |
* @param principalName |
| 105 |
* the principal credentials |
|
| 104 | 106 |
* @param permission |
| 107 |
* the permission |
|
| 105 | 108 |
* @param permType |
| 109 |
* the permission type |
|
| 106 | 110 |
* @param permOrder |
| 107 |
* @throws AccessControlException
|
|
| 111 |
* the permission order
|
|
| 108 | 112 |
*/ |
| 109 | 113 |
public void insertPermissions(String principalName, Long permission, String permType, String permOrder) |
| 110 | 114 |
throws AccessControlException, PermOrderException {
|
| ... | ... | |
| 129 | 133 |
* returned by the getdocumentinfo action in metacat. |
| 130 | 134 |
*/ |
| 131 | 135 |
public void insertPermissions(String accessBlock) throws AccessControlException {
|
| 132 |
try {
|
|
| 136 |
try {
|
|
| 137 |
// use DocInfoHandler to parse the access section into DAO objects |
|
| 133 | 138 |
XMLReader parser = null; |
| 134 | 139 |
DocInfoHandler docInfoHandler = new DocInfoHandler(_docId); |
| 135 | 140 |
ContentHandler chandler = docInfoHandler; |
| ... | ... | |
| 146 | 151 |
parser.parse(new InputSource(new StringReader(accessBlock))); |
| 147 | 152 |
|
| 148 | 153 |
XMLAccessAccess xmlAccessAccess = new XMLAccessAccess(); |
| 149 |
|
|
| 154 |
|
|
| 155 |
// replace all access on the document |
|
| 150 | 156 |
Vector<XMLAccessDAO> accessControlList = docInfoHandler.getAccessControlList(); |
| 151 | 157 |
xmlAccessAccess.replaceAccess(_docId, accessControlList); |
| 152 | 158 |
|
| ... | ... | |
| 166 | 172 |
} |
| 167 | 173 |
|
| 168 | 174 |
/** |
| 175 |
* Check if access control comination for |
|
| 176 |
* docid/principal/permission/permorder/permtype already exists. |
|
| 169 | 177 |
* |
| 178 |
* @param xmlAccessDAO |
|
| 179 |
* the dao object holding the access we want to check for. |
|
| 170 | 180 |
* @return true if the Access Control for this file already exists in the DB |
| 171 |
* @throws SQLException |
|
| 172 | 181 |
*/ |
| 173 | 182 |
public boolean accessControlExists(XMLAccessDAO xmlAccessDAO) throws AccessControlException {
|
| 174 | 183 |
boolean exists = false; |
| ... | ... | |
| 223 | 232 |
* or Group should have permissions for reading access control information |
| 224 | 233 |
* for a document specified by |
| 225 | 234 |
* |
| 226 |
* @docid. |
|
| 227 |
* @param docid |
|
| 228 |
* document identifier which acl info to get |
|
| 229 | 235 |
* @param user |
| 230 | 236 |
* name of user connected to Metacat system |
| 231 | 237 |
* @param groups |
| ... | ... | |
| 237 | 243 |
boolean hasPermission = false; |
| 238 | 244 |
|
| 239 | 245 |
try {
|
| 240 |
hasPermission = isOwned(_docId, user);
|
|
| 246 |
hasPermission = isOwned(user); |
|
| 241 | 247 |
if (!hasPermission) {
|
| 242 | 248 |
PermissionController controller = new PermissionController(_docId); |
| 243 | 249 |
hasPermission = |
| 244 | 250 |
controller.hasPermission(user, groups, READSTRING); |
| 245 | 251 |
} |
| 246 | 252 |
|
| 253 |
// if the user has permissions, get the access dao list for this doc and return |
|
| 254 |
// it as a string. Otherwise, get the string for an empty access dao list |
|
| 255 |
// (which will return the access section with no allow or deny sections) |
|
| 247 | 256 |
if (hasPermission) {
|
| 248 | 257 |
// Get a list of all access dao objects for this docid |
| 249 | 258 |
XMLAccessAccess xmlAccessAccess = new XMLAccessAccess(); |
| ... | ... | |
| 267 | 276 |
} |
| 268 | 277 |
} |
| 269 | 278 |
|
| 279 |
/** |
|
| 280 |
* Get the access xml for all access on this docid |
|
| 281 |
* |
|
| 282 |
* @return string representation of access |
|
| 283 |
*/ |
|
| 270 | 284 |
public String getAccessString() throws AccessControlException {
|
| 271 | 285 |
Vector<XMLAccessDAO> xmlAccessDAOList = null; |
| 272 | 286 |
|
| ... | ... | |
| 282 | 296 |
return getAccessString(xmlAccessDAOList); |
| 283 | 297 |
} |
| 284 | 298 |
|
| 299 |
/** |
|
| 300 |
* Put together an xml representation of the objects in a given access dao list |
|
| 301 |
* @param xmlAccessDAOList list of xml access DAO objects |
|
| 302 |
* @return string representation of access |
|
| 303 |
*/ |
|
| 285 | 304 |
public String getAccessString(Vector<XMLAccessDAO> xmlAccessDAOList) throws AccessControlException {
|
| 286 | 305 |
|
| 287 | 306 |
StringBuffer output = new StringBuffer(); |
| ... | ... | |
| 304 | 323 |
|
| 305 | 324 |
output.append(">\n");
|
| 306 | 325 |
|
| 307 |
if (xmlAccessDAOList.size() > 0) {
|
|
| 308 |
// Since there should only be one permission order allowed per document, |
|
| 309 |
// we can just grab the order off of the first xml access dao object |
|
| 310 |
permOrder = xmlAccessDAOList.get(0).getPermOrder(); |
|
| 311 |
} |
|
| 312 |
|
|
| 313 | 326 |
for (XMLAccessDAO xmlAccessDAO : xmlAccessDAOList) {
|
| 314 | 327 |
principal = xmlAccessDAO.getPrincipalName(); |
| 315 | 328 |
permission = xmlAccessDAO.getPermission().intValue(); |
| ... | ... | |
| 356 | 369 |
return output.toString(); |
| 357 | 370 |
} |
| 358 | 371 |
|
| 359 |
/* Check if @user is owner of @docid from db conn. */ |
|
| 360 |
private boolean isOwned(String docid, String user) throws SQLException {
|
|
| 372 |
/** |
|
| 373 |
* check if the docid represented in this class is owned by the user |
|
| 374 |
* |
|
| 375 |
* @param user |
|
| 376 |
* the user credentials |
|
| 377 |
* @return true if doc is owned by user, false otherwise |
|
| 378 |
*/ |
|
| 379 |
private boolean isOwned(String user) throws SQLException {
|
|
| 361 | 380 |
PreparedStatement pstmt = null; |
| 362 | 381 |
DBConnection conn = null; |
| 363 | 382 |
int serialNumber = -1; |
| ... | ... | |
| 367 | 386 |
serialNumber = conn.getCheckOutSerialNumber(); |
| 368 | 387 |
pstmt = conn.prepareStatement("SELECT 'x' FROM xml_documents "
|
| 369 | 388 |
+ "WHERE docid = ? " + "AND user_owner = ?"); |
| 370 |
pstmt.setString(1, docid);
|
|
| 389 |
pstmt.setString(1, _docId);
|
|
| 371 | 390 |
pstmt.setString(2, user); |
| 372 | 391 |
pstmt.execute(); |
| 373 | 392 |
ResultSet rs = pstmt.getResultSet(); |
| src/edu/ucsb/nceas/metacat/accesscontrol/PermOrderException.java | ||
|---|---|---|
| 1 | 1 |
/** |
| 2 | 2 |
* '$RCSfile$' |
| 3 |
* Purpose: An Exception thrown when an error occurs because an
|
|
| 4 |
* AccessionNumber was invalid or used incorrectly
|
|
| 5 |
* Copyright: 2008 Regents of the University of California and the
|
|
| 3 |
* Purpose: An Exception thrown when an error occurs because of a
|
|
| 4 |
* permission order conflict
|
|
| 5 |
* Copyright: 2009 Regents of the University of California and the
|
|
| 6 | 6 |
* National Center for Ecological Analysis and Synthesis |
| 7 | 7 |
* Authors: Michael Daigle |
| 8 | 8 |
* |
| ... | ... | |
| 31 | 31 |
|
| 32 | 32 |
|
| 33 | 33 |
/** |
| 34 |
* Exception thrown when an error occurs in a configuration administrative |
|
| 35 |
* class |
|
| 34 |
* Exception thrown when an error occurs with a permission order |
|
| 36 | 35 |
*/ |
| 37 | 36 |
public class PermOrderException extends BaseException {
|
| 38 | 37 |
|
Also available in: Unified diff
Format and add comments.