Revision 5115
Added by daigle over 14 years ago
| AccessControlForSingleFile.java | ||
|---|---|---|
| 65 | 65 |
private Logger logMetacat = Logger.getLogger(AccessControlForSingleFile.class); |
| 66 | 66 |
|
| 67 | 67 |
|
| 68 |
/** |
|
| 69 |
* Construct an instance of the AccessControlForSingleFile class. |
|
| 70 |
* @param myAccessNumber the docid or docid with dev will be controlled |
|
| 71 |
*/ |
|
| 72 |
public AccessControlForSingleFile(String accessionNumber) throws AccessControlException |
|
| 73 |
{
|
|
| 74 |
|
|
| 75 |
//Get rid of dev if myaccessNumber has one; |
|
| 76 |
_docId = DocumentUtil.getDocIdFromString(accessionNumber); |
|
| 77 |
if (_docId == null || _docId.equals(""))
|
|
| 78 |
{
|
|
| 79 |
throw new AccessControlException("AccessControlForSingleFile() - Accession number " +
|
|
| 80 |
"can't be null in constructor"); |
|
| 81 |
} |
|
| 82 |
|
|
| 83 |
logMetacat.debug("AccessControlForSingleFile() - docid: " + _docId);
|
|
| 68 |
/** |
|
| 69 |
* Construct an instance of the AccessControlForSingleFile class. This |
|
| 70 |
* instance will represent one file only. |
|
| 71 |
* |
|
| 72 |
* @param myAccessNumber |
|
| 73 |
* the docid or docid with dev will be controlled |
|
| 74 |
*/ |
|
| 75 |
public AccessControlForSingleFile(String accessionNumber) |
|
| 76 |
throws AccessControlException {
|
|
| 84 | 77 |
|
| 85 |
} |
|
| 78 |
// Get rid of dev if myaccessNumber has one; |
|
| 79 |
_docId = DocumentUtil.getDocIdFromString(accessionNumber); |
|
| 80 |
if (_docId == null || _docId.equals("")) {
|
|
| 81 |
throw new AccessControlException("AccessControlForSingleFile() - Accession number "
|
|
| 82 |
+ "can't be null in constructor"); |
|
| 83 |
} |
|
| 84 |
|
|
| 85 |
logMetacat.debug("AccessControlForSingleFile() - docid: " + _docId);
|
|
| 86 |
} |
|
| 86 | 87 |
|
| 87 | 88 |
/** |
| 88 | 89 |
* Insert a single access record into the database based on access DAO |
| ... | ... | |
| 101 | 102 |
* Insert a single access record into the database. |
| 102 | 103 |
* |
| 103 | 104 |
* @param principalName |
| 105 |
* the principal credentials |
|
| 104 | 106 |
* @param permission |
| 107 |
* the permission |
|
| 105 | 108 |
* @param permType |
| 109 |
* the permission type |
|
| 106 | 110 |
* @param permOrder |
| 107 |
* @throws AccessControlException
|
|
| 111 |
* the permission order
|
|
| 108 | 112 |
*/ |
| 109 | 113 |
public void insertPermissions(String principalName, Long permission, String permType, String permOrder) |
| 110 | 114 |
throws AccessControlException, PermOrderException {
|
| ... | ... | |
| 129 | 133 |
* returned by the getdocumentinfo action in metacat. |
| 130 | 134 |
*/ |
| 131 | 135 |
public void insertPermissions(String accessBlock) throws AccessControlException {
|
| 132 |
try {
|
|
| 136 |
try {
|
|
| 137 |
// use DocInfoHandler to parse the access section into DAO objects |
|
| 133 | 138 |
XMLReader parser = null; |
| 134 | 139 |
DocInfoHandler docInfoHandler = new DocInfoHandler(_docId); |
| 135 | 140 |
ContentHandler chandler = docInfoHandler; |
| ... | ... | |
| 146 | 151 |
parser.parse(new InputSource(new StringReader(accessBlock))); |
| 147 | 152 |
|
| 148 | 153 |
XMLAccessAccess xmlAccessAccess = new XMLAccessAccess(); |
| 149 |
|
|
| 154 |
|
|
| 155 |
// replace all access on the document |
|
| 150 | 156 |
Vector<XMLAccessDAO> accessControlList = docInfoHandler.getAccessControlList(); |
| 151 | 157 |
xmlAccessAccess.replaceAccess(_docId, accessControlList); |
| 152 | 158 |
|
| ... | ... | |
| 166 | 172 |
} |
| 167 | 173 |
|
| 168 | 174 |
/** |
| 175 |
* Check if access control comination for |
|
| 176 |
* docid/principal/permission/permorder/permtype already exists. |
|
| 169 | 177 |
* |
| 178 |
* @param xmlAccessDAO |
|
| 179 |
* the dao object holding the access we want to check for. |
|
| 170 | 180 |
* @return true if the Access Control for this file already exists in the DB |
| 171 |
* @throws SQLException |
|
| 172 | 181 |
*/ |
| 173 | 182 |
public boolean accessControlExists(XMLAccessDAO xmlAccessDAO) throws AccessControlException {
|
| 174 | 183 |
boolean exists = false; |
| ... | ... | |
| 223 | 232 |
* or Group should have permissions for reading access control information |
| 224 | 233 |
* for a document specified by |
| 225 | 234 |
* |
| 226 |
* @docid. |
|
| 227 |
* @param docid |
|
| 228 |
* document identifier which acl info to get |
|
| 229 | 235 |
* @param user |
| 230 | 236 |
* name of user connected to Metacat system |
| 231 | 237 |
* @param groups |
| ... | ... | |
| 237 | 243 |
boolean hasPermission = false; |
| 238 | 244 |
|
| 239 | 245 |
try {
|
| 240 |
hasPermission = isOwned(_docId, user);
|
|
| 246 |
hasPermission = isOwned(user); |
|
| 241 | 247 |
if (!hasPermission) {
|
| 242 | 248 |
PermissionController controller = new PermissionController(_docId); |
| 243 | 249 |
hasPermission = |
| 244 | 250 |
controller.hasPermission(user, groups, READSTRING); |
| 245 | 251 |
} |
| 246 | 252 |
|
| 253 |
// if the user has permissions, get the access dao list for this doc and return |
|
| 254 |
// it as a string. Otherwise, get the string for an empty access dao list |
|
| 255 |
// (which will return the access section with no allow or deny sections) |
|
| 247 | 256 |
if (hasPermission) {
|
| 248 | 257 |
// Get a list of all access dao objects for this docid |
| 249 | 258 |
XMLAccessAccess xmlAccessAccess = new XMLAccessAccess(); |
| ... | ... | |
| 267 | 276 |
} |
| 268 | 277 |
} |
| 269 | 278 |
|
| 279 |
/** |
|
| 280 |
* Get the access xml for all access on this docid |
|
| 281 |
* |
|
| 282 |
* @return string representation of access |
|
| 283 |
*/ |
|
| 270 | 284 |
public String getAccessString() throws AccessControlException {
|
| 271 | 285 |
Vector<XMLAccessDAO> xmlAccessDAOList = null; |
| 272 | 286 |
|
| ... | ... | |
| 282 | 296 |
return getAccessString(xmlAccessDAOList); |
| 283 | 297 |
} |
| 284 | 298 |
|
| 299 |
/** |
|
| 300 |
* Put together an xml representation of the objects in a given access dao list |
|
| 301 |
* @param xmlAccessDAOList list of xml access DAO objects |
|
| 302 |
* @return string representation of access |
|
| 303 |
*/ |
|
| 285 | 304 |
public String getAccessString(Vector<XMLAccessDAO> xmlAccessDAOList) throws AccessControlException {
|
| 286 | 305 |
|
| 287 | 306 |
StringBuffer output = new StringBuffer(); |
| ... | ... | |
| 304 | 323 |
|
| 305 | 324 |
output.append(">\n");
|
| 306 | 325 |
|
| 307 |
if (xmlAccessDAOList.size() > 0) {
|
|
| 308 |
// Since there should only be one permission order allowed per document, |
|
| 309 |
// we can just grab the order off of the first xml access dao object |
|
| 310 |
permOrder = xmlAccessDAOList.get(0).getPermOrder(); |
|
| 311 |
} |
|
| 312 |
|
|
| 313 | 326 |
for (XMLAccessDAO xmlAccessDAO : xmlAccessDAOList) {
|
| 314 | 327 |
principal = xmlAccessDAO.getPrincipalName(); |
| 315 | 328 |
permission = xmlAccessDAO.getPermission().intValue(); |
| ... | ... | |
| 356 | 369 |
return output.toString(); |
| 357 | 370 |
} |
| 358 | 371 |
|
| 359 |
/* Check if @user is owner of @docid from db conn. */ |
|
| 360 |
private boolean isOwned(String docid, String user) throws SQLException {
|
|
| 372 |
/** |
|
| 373 |
* check if the docid represented in this class is owned by the user |
|
| 374 |
* |
|
| 375 |
* @param user |
|
| 376 |
* the user credentials |
|
| 377 |
* @return true if doc is owned by user, false otherwise |
|
| 378 |
*/ |
|
| 379 |
private boolean isOwned(String user) throws SQLException {
|
|
| 361 | 380 |
PreparedStatement pstmt = null; |
| 362 | 381 |
DBConnection conn = null; |
| 363 | 382 |
int serialNumber = -1; |
| ... | ... | |
| 367 | 386 |
serialNumber = conn.getCheckOutSerialNumber(); |
| 368 | 387 |
pstmt = conn.prepareStatement("SELECT 'x' FROM xml_documents "
|
| 369 | 388 |
+ "WHERE docid = ? " + "AND user_owner = ?"); |
| 370 |
pstmt.setString(1, docid);
|
|
| 389 |
pstmt.setString(1, _docId);
|
|
| 371 | 390 |
pstmt.setString(2, user); |
| 372 | 391 |
pstmt.execute(); |
| 373 | 392 |
ResultSet rs = pstmt.getResultSet(); |
Also available in: Unified diff
Format and add comments.