Project

General

Profile

« Previous | Next » 

Revision 5115

Added by daigle about 15 years ago

Format and add comments.

View differences:

src/edu/ucsb/nceas/metacat/accesscontrol/AccessControlException.java
31 31

  
32 32

  
33 33
/**
34
 * Exception thrown when an error occurs in a configuration administrative
35
 * class
34
 * Exception thrown when an error occurs during access control
36 35
 */
37 36
public class AccessControlException extends BaseException {
38
	
39
	private static final long serialVersionUID = -8436697355629175917L;
40 37

  
38
	private static final long serialVersionUID = 6685974477000997612L;
39

  
41 40
	/**
42 41
	 * Create a new AccessControlException.
43 42
	 *
src/edu/ucsb/nceas/metacat/accesscontrol/XMLAccessAccess.java
62 62
					"must be specified when selecting xml_access record");
63 63
		}
64 64
			
65
		// first get the job from the db and put it into a DAO
65
		// first get the xml access from the db and put it into a DAO list
66 66
		PreparedStatement pstmt = null;
67 67
		DBConnection conn = null;
68 68
		int serialNumber = -1;
......
87 87
				XMLAccessDAO xmlAccessDAO = populateDAO(resultSet);
88 88
				xmlAccessList.add(xmlAccessDAO);
89 89
			}
90
						
90
					
91
			// make sure permission orders do not conflict in the database
91 92
			validateDocXMLAccessList(xmlAccessList);
92 93
			
93 94
			return xmlAccessList;
......
128 129
					"must be specified when selecting xml_access record");
129 130
		}
130 131
			
131
		// first get the job from the db and put it into a DAO
132
		// first get the xml access for this principal from the db and put it into a DAO list
132 133
		PreparedStatement pstmt = null;
133 134
		DBConnection conn = null;
134 135
		int serialNumber = -1;
......
155 156
				xmlAccessList.add(xmlAccessDAO);
156 157
			}
157 158
			
159
			// make sure permission orders do not conflict in the database
158 160
			validatePrincipalXMLAccessList(xmlAccessList);
159 161
			
160 162
			return xmlAccessList;
......
173 175
	}
174 176
	
175 177
	/**
176
	 * Get all xml access for a principal for a certain document
178
	 * Get all xml access for a principal/permType/permOrder for a certain document
177 179
	 * 
178 180
	 * @param docId
179 181
	 *            the id of the document
......
203 205
					"must be specified when selecting xml_access record");
204 206
		}
205 207
					
206
		// first get the job from the db and put it into a DAO
208
		// first get the xml access for this principal from the db and put it into a DAO list
207 209
		PreparedStatement pstmt = null;
208 210
		DBConnection conn = null;
209 211
		int serialNumber = -1;
......
590 592
	}
591 593
	
592 594
	/**
593
	 * Delete xml access.  This removes all access records from the database for a principal 
594
	 * for a given document, perm type and perm order
595
	 * Checks to see if there is a permission order conflict for a given document.  Each 
596
	 * document is only allowed to have a single permission order
597
	 * 
595 598
	 * @param docId
596 599
	 *            document id
597 600
	 * @param principal
......
644 647
	/**
645 648
	 * Delete xml access.  This removes all access records from the database for a principal 
646 649
	 * for a given document, perm type and perm order
650
	 * 
647 651
	 * @param docId
648 652
	 *            document id
649 653
	 * @param principal
......
706 710
	 * more than one record exists, delete the existing records, consolidate the
707 711
	 * permissions insert the new record.
708 712
	 * 
709
	 * @param xmlAccessList
710
	 * @throws AccessException
713
	 * @param xmlAccessList the access dao list
711 714
	 */
712 715
	private void cleanupXMLAccessForPrincipal(Vector<XMLAccessDAO> xmlAccessList) throws AccessException{
713 716
		
......
793 796
	}
794 797
	
795 798
	/**
799
	 * Make sure for a given list of access DAOs that only one perm order
800
	 * exists. It is assumed that all the DAOs are for the same doc
796 801
	 * 
797 802
	 * @param xmlAccessList
798
	 * @throws PermOrderException
803
	 *            the access dao list
799 804
	 */
800 805
	private void validateDocXMLAccessList(Vector<XMLAccessDAO> xmlAccessList) throws PermOrderException {
801 806
		String permOrder = null;
......
812 817
		}		
813 818
	}
814 819
	
820
	/**
821
	 * Check that only one permOrder exists for each principal. 
822
	 * TODO add check that one of each permType exists as well
823
	 * 
824
	 * @param xmlAccessList
825
	 *            the access dao list
826
	 */
815 827
	private void validatePrincipalXMLAccessList(Vector<XMLAccessDAO> xmlAccessList) 
816 828
			throws PermOrderException {
817 829
		
src/edu/ucsb/nceas/metacat/accesscontrol/AccessControlForSingleFile.java
65 65
  private Logger logMetacat = Logger.getLogger(AccessControlForSingleFile.class);
66 66

  
67 67
 
68
  /**
69
   * Construct an instance of the AccessControlForSingleFile class.
70
   * @param myAccessNumber  the docid or docid with dev will be controlled
71
   */
72
  public AccessControlForSingleFile(String accessionNumber) throws AccessControlException
73
  {
74
	  
75
      //Get rid of dev if myaccessNumber has one;
76
	  _docId = DocumentUtil.getDocIdFromString(accessionNumber);
77
      if (_docId == null || _docId.equals(""))
78
      {
79
        throw new AccessControlException("AccessControlForSingleFile() - Accession number " + 
80
        		"can't be null in constructor");
81
      }
82
      
83
      logMetacat.debug("AccessControlForSingleFile() - docid: " + _docId);
68
    /**
69
	 * Construct an instance of the AccessControlForSingleFile class.  This
70
	 * instance will represent one file only.
71
	 * 
72
	 * @param myAccessNumber
73
	 *            the docid or docid with dev will be controlled
74
	 */
75
	public AccessControlForSingleFile(String accessionNumber)
76
			throws AccessControlException {
84 77

  
85
  }
78
		// Get rid of dev if myaccessNumber has one;
79
		_docId = DocumentUtil.getDocIdFromString(accessionNumber);
80
		if (_docId == null || _docId.equals("")) {
81
			throw new AccessControlException("AccessControlForSingleFile() - Accession number "
82
							+ "can't be null in constructor");
83
		}
84

  
85
		logMetacat.debug("AccessControlForSingleFile() - docid: " + _docId);
86
	}
86 87
  
87 88
  	/**
88 89
	 * Insert a single access record into the database based on access DAO
......
101 102
	 * Insert a single access record into the database.
102 103
	 * 
103 104
	 * @param principalName
105
	 *            the principal credentials
104 106
	 * @param permission
107
	 *            the permission
105 108
	 * @param permType
109
	 *            the permission type
106 110
	 * @param permOrder
107
	 * @throws AccessControlException
111
	 *            the permission order
108 112
	 */
109 113
	public void insertPermissions(String principalName, Long permission, String permType, String permOrder) 
110 114
			throws AccessControlException, PermOrderException {
......
129 133
	 *            returned by the getdocumentinfo action in metacat.
130 134
	 */
131 135
	public void insertPermissions(String accessBlock) throws AccessControlException {
132
		try {			
136
		try {	
137
			// use DocInfoHandler to parse the access section into DAO objects
133 138
			XMLReader parser = null;
134 139
			DocInfoHandler docInfoHandler = new DocInfoHandler(_docId); 
135 140
			ContentHandler chandler = docInfoHandler;
......
146 151
			parser.parse(new InputSource(new StringReader(accessBlock)));
147 152
			
148 153
			XMLAccessAccess xmlAccessAccess = new XMLAccessAccess();
149
					
154
				
155
			// replace all access on the document
150 156
	        Vector<XMLAccessDAO> accessControlList = docInfoHandler.getAccessControlList();
151 157
	        xmlAccessAccess.replaceAccess(_docId, accessControlList);
152 158

  
......
166 172
	}
167 173
  
168 174
	/**
175
	 * Check if access control comination for
176
	 * docid/principal/permission/permorder/permtype already exists.
169 177
	 * 
178
	 * @param xmlAccessDAO
179
	 *            the dao object holding the access we want to check for.
170 180
	 * @return true if the Access Control for this file already exists in the DB
171
	 * @throws SQLException
172 181
	 */
173 182
	public boolean accessControlExists(XMLAccessDAO xmlAccessDAO) throws AccessControlException {
174 183
		boolean exists = false;
......
223 232
	 * or Group should have permissions for reading access control information
224 233
	 * for a document specified by
225 234
	 * 
226
	 * @docid.
227
	 * @param docid
228
	 *            document identifier which acl info to get
229 235
	 * @param user
230 236
	 *            name of user connected to Metacat system
231 237
	 * @param groups
......
237 243
		boolean hasPermission = false;
238 244

  
239 245
		try {   
240
			hasPermission = isOwned(_docId, user);
246
			hasPermission = isOwned(user);
241 247
			if (!hasPermission) {
242 248
				PermissionController controller = new PermissionController(_docId);
243 249
				hasPermission = 
244 250
					controller.hasPermission(user, groups, READSTRING);
245 251
			}
246 252

  
253
			// if the user has permissions, get the access dao list for this doc and return
254
			// it as a string.  Otherwise, get the string for an empty access dao list 
255
			// (which will return the access section with no allow or deny sections)
247 256
			if (hasPermission) {
248 257
				// Get a list of all access dao objects for this docid
249 258
				XMLAccessAccess xmlAccessAccess = new XMLAccessAccess();
......
267 276
		}
268 277
	}
269 278
	
279
	/**
280
	 * Get the access xml for all access on this docid
281
	 * 
282
	 * @return string representation of access
283
	 */
270 284
	public String getAccessString() throws AccessControlException {
271 285
		Vector<XMLAccessDAO> xmlAccessDAOList = null;
272 286
		
......
282 296
		return getAccessString(xmlAccessDAOList);
283 297
	}
284 298
	
299
	/**
300
	 * Put together an xml representation of the objects in a given access dao list
301
	 * @param xmlAccessDAOList list of xml access DAO objects
302
	 * @return string representation of access
303
	 */
285 304
	public String getAccessString(Vector<XMLAccessDAO> xmlAccessDAOList) throws AccessControlException {
286 305
			
287 306
		StringBuffer output = new StringBuffer();
......
304 323
		
305 324
		output.append(">\n");
306 325
		
307
		if (xmlAccessDAOList.size() > 0) {
308
			// Since there should only be one permission order allowed per document,
309
			// we can just grab the order off of the first xml access dao object
310
			permOrder = xmlAccessDAOList.get(0).getPermOrder();
311
		}
312
		
313 326
		for (XMLAccessDAO xmlAccessDAO : xmlAccessDAOList) {
314 327
			principal = xmlAccessDAO.getPrincipalName();
315 328
			permission = xmlAccessDAO.getPermission().intValue();
......
356 369
		return output.toString();
357 370
	}
358 371
	
359
	/* Check if @user is owner of @docid from db conn. */
360
	private boolean isOwned(String docid, String user) throws SQLException {
372
	/**
373
	 * check if the docid represented in this class is owned by the user
374
	 * 
375
	 * @param user
376
	 *            the user credentials
377
	 * @return true if doc is owned by user, false otherwise
378
	 */
379
	private boolean isOwned(String user) throws SQLException {
361 380
		PreparedStatement pstmt = null;
362 381
		DBConnection conn = null;
363 382
		int serialNumber = -1;
......
367 386
			serialNumber = conn.getCheckOutSerialNumber();
368 387
			pstmt = conn.prepareStatement("SELECT 'x' FROM xml_documents "
369 388
					+ "WHERE docid = ? " + "AND user_owner = ?");
370
			pstmt.setString(1, docid);
389
			pstmt.setString(1, _docId);
371 390
			pstmt.setString(2, user);
372 391
			pstmt.execute();
373 392
			ResultSet rs = pstmt.getResultSet();
src/edu/ucsb/nceas/metacat/accesscontrol/PermOrderException.java
1 1
/**
2 2
 *  '$RCSfile$'
3
 *    Purpose: An Exception thrown when an error occurs because an 
4
 *             AccessionNumber was invalid or used incorrectly
5
 *  Copyright: 2008 Regents of the University of California and the
3
 *    Purpose: An Exception thrown when an error occurs because of a 
4
 *             permission order conflict
5
 *  Copyright: 2009 Regents of the University of California and the
6 6
 *             National Center for Ecological Analysis and Synthesis
7 7
 *    Authors: Michael Daigle
8 8
 *
......
31 31

  
32 32

  
33 33
/**
34
 * Exception thrown when an error occurs in a configuration administrative
35
 * class
34
 * Exception thrown when an error occurs with a permission order
36 35
 */
37 36
public class PermOrderException extends BaseException {
38 37
	

Also available in: Unified diff