Revision 5115
Added by daigle over 14 years ago
AccessControlForSingleFile.java | ||
---|---|---|
65 | 65 |
private Logger logMetacat = Logger.getLogger(AccessControlForSingleFile.class); |
66 | 66 |
|
67 | 67 |
|
68 |
/** |
|
69 |
* Construct an instance of the AccessControlForSingleFile class. |
|
70 |
* @param myAccessNumber the docid or docid with dev will be controlled |
|
71 |
*/ |
|
72 |
public AccessControlForSingleFile(String accessionNumber) throws AccessControlException |
|
73 |
{ |
|
74 |
|
|
75 |
//Get rid of dev if myaccessNumber has one; |
|
76 |
_docId = DocumentUtil.getDocIdFromString(accessionNumber); |
|
77 |
if (_docId == null || _docId.equals("")) |
|
78 |
{ |
|
79 |
throw new AccessControlException("AccessControlForSingleFile() - Accession number " + |
|
80 |
"can't be null in constructor"); |
|
81 |
} |
|
82 |
|
|
83 |
logMetacat.debug("AccessControlForSingleFile() - docid: " + _docId); |
|
68 |
/** |
|
69 |
* Construct an instance of the AccessControlForSingleFile class. This |
|
70 |
* instance will represent one file only. |
|
71 |
* |
|
72 |
* @param myAccessNumber |
|
73 |
* the docid or docid with dev will be controlled |
|
74 |
*/ |
|
75 |
public AccessControlForSingleFile(String accessionNumber) |
|
76 |
throws AccessControlException { |
|
84 | 77 |
|
85 |
} |
|
78 |
// Get rid of dev if myaccessNumber has one; |
|
79 |
_docId = DocumentUtil.getDocIdFromString(accessionNumber); |
|
80 |
if (_docId == null || _docId.equals("")) { |
|
81 |
throw new AccessControlException("AccessControlForSingleFile() - Accession number " |
|
82 |
+ "can't be null in constructor"); |
|
83 |
} |
|
84 |
|
|
85 |
logMetacat.debug("AccessControlForSingleFile() - docid: " + _docId); |
|
86 |
} |
|
86 | 87 |
|
87 | 88 |
/** |
88 | 89 |
* Insert a single access record into the database based on access DAO |
... | ... | |
101 | 102 |
* Insert a single access record into the database. |
102 | 103 |
* |
103 | 104 |
* @param principalName |
105 |
* the principal credentials |
|
104 | 106 |
* @param permission |
107 |
* the permission |
|
105 | 108 |
* @param permType |
109 |
* the permission type |
|
106 | 110 |
* @param permOrder |
107 |
* @throws AccessControlException
|
|
111 |
* the permission order
|
|
108 | 112 |
*/ |
109 | 113 |
public void insertPermissions(String principalName, Long permission, String permType, String permOrder) |
110 | 114 |
throws AccessControlException, PermOrderException { |
... | ... | |
129 | 133 |
* returned by the getdocumentinfo action in metacat. |
130 | 134 |
*/ |
131 | 135 |
public void insertPermissions(String accessBlock) throws AccessControlException { |
132 |
try { |
|
136 |
try { |
|
137 |
// use DocInfoHandler to parse the access section into DAO objects |
|
133 | 138 |
XMLReader parser = null; |
134 | 139 |
DocInfoHandler docInfoHandler = new DocInfoHandler(_docId); |
135 | 140 |
ContentHandler chandler = docInfoHandler; |
... | ... | |
146 | 151 |
parser.parse(new InputSource(new StringReader(accessBlock))); |
147 | 152 |
|
148 | 153 |
XMLAccessAccess xmlAccessAccess = new XMLAccessAccess(); |
149 |
|
|
154 |
|
|
155 |
// replace all access on the document |
|
150 | 156 |
Vector<XMLAccessDAO> accessControlList = docInfoHandler.getAccessControlList(); |
151 | 157 |
xmlAccessAccess.replaceAccess(_docId, accessControlList); |
152 | 158 |
|
... | ... | |
166 | 172 |
} |
167 | 173 |
|
168 | 174 |
/** |
175 |
* Check if access control comination for |
|
176 |
* docid/principal/permission/permorder/permtype already exists. |
|
169 | 177 |
* |
178 |
* @param xmlAccessDAO |
|
179 |
* the dao object holding the access we want to check for. |
|
170 | 180 |
* @return true if the Access Control for this file already exists in the DB |
171 |
* @throws SQLException |
|
172 | 181 |
*/ |
173 | 182 |
public boolean accessControlExists(XMLAccessDAO xmlAccessDAO) throws AccessControlException { |
174 | 183 |
boolean exists = false; |
... | ... | |
223 | 232 |
* or Group should have permissions for reading access control information |
224 | 233 |
* for a document specified by |
225 | 234 |
* |
226 |
* @docid. |
|
227 |
* @param docid |
|
228 |
* document identifier which acl info to get |
|
229 | 235 |
* @param user |
230 | 236 |
* name of user connected to Metacat system |
231 | 237 |
* @param groups |
... | ... | |
237 | 243 |
boolean hasPermission = false; |
238 | 244 |
|
239 | 245 |
try { |
240 |
hasPermission = isOwned(_docId, user);
|
|
246 |
hasPermission = isOwned(user); |
|
241 | 247 |
if (!hasPermission) { |
242 | 248 |
PermissionController controller = new PermissionController(_docId); |
243 | 249 |
hasPermission = |
244 | 250 |
controller.hasPermission(user, groups, READSTRING); |
245 | 251 |
} |
246 | 252 |
|
253 |
// if the user has permissions, get the access dao list for this doc and return |
|
254 |
// it as a string. Otherwise, get the string for an empty access dao list |
|
255 |
// (which will return the access section with no allow or deny sections) |
|
247 | 256 |
if (hasPermission) { |
248 | 257 |
// Get a list of all access dao objects for this docid |
249 | 258 |
XMLAccessAccess xmlAccessAccess = new XMLAccessAccess(); |
... | ... | |
267 | 276 |
} |
268 | 277 |
} |
269 | 278 |
|
279 |
/** |
|
280 |
* Get the access xml for all access on this docid |
|
281 |
* |
|
282 |
* @return string representation of access |
|
283 |
*/ |
|
270 | 284 |
public String getAccessString() throws AccessControlException { |
271 | 285 |
Vector<XMLAccessDAO> xmlAccessDAOList = null; |
272 | 286 |
|
... | ... | |
282 | 296 |
return getAccessString(xmlAccessDAOList); |
283 | 297 |
} |
284 | 298 |
|
299 |
/** |
|
300 |
* Put together an xml representation of the objects in a given access dao list |
|
301 |
* @param xmlAccessDAOList list of xml access DAO objects |
|
302 |
* @return string representation of access |
|
303 |
*/ |
|
285 | 304 |
public String getAccessString(Vector<XMLAccessDAO> xmlAccessDAOList) throws AccessControlException { |
286 | 305 |
|
287 | 306 |
StringBuffer output = new StringBuffer(); |
... | ... | |
304 | 323 |
|
305 | 324 |
output.append(">\n"); |
306 | 325 |
|
307 |
if (xmlAccessDAOList.size() > 0) { |
|
308 |
// Since there should only be one permission order allowed per document, |
|
309 |
// we can just grab the order off of the first xml access dao object |
|
310 |
permOrder = xmlAccessDAOList.get(0).getPermOrder(); |
|
311 |
} |
|
312 |
|
|
313 | 326 |
for (XMLAccessDAO xmlAccessDAO : xmlAccessDAOList) { |
314 | 327 |
principal = xmlAccessDAO.getPrincipalName(); |
315 | 328 |
permission = xmlAccessDAO.getPermission().intValue(); |
... | ... | |
356 | 369 |
return output.toString(); |
357 | 370 |
} |
358 | 371 |
|
359 |
/* Check if @user is owner of @docid from db conn. */ |
|
360 |
private boolean isOwned(String docid, String user) throws SQLException { |
|
372 |
/** |
|
373 |
* check if the docid represented in this class is owned by the user |
|
374 |
* |
|
375 |
* @param user |
|
376 |
* the user credentials |
|
377 |
* @return true if doc is owned by user, false otherwise |
|
378 |
*/ |
|
379 |
private boolean isOwned(String user) throws SQLException { |
|
361 | 380 |
PreparedStatement pstmt = null; |
362 | 381 |
DBConnection conn = null; |
363 | 382 |
int serialNumber = -1; |
... | ... | |
367 | 386 |
serialNumber = conn.getCheckOutSerialNumber(); |
368 | 387 |
pstmt = conn.prepareStatement("SELECT 'x' FROM xml_documents " |
369 | 388 |
+ "WHERE docid = ? " + "AND user_owner = ?"); |
370 |
pstmt.setString(1, docid);
|
|
389 |
pstmt.setString(1, _docId);
|
|
371 | 390 |
pstmt.setString(2, user); |
372 | 391 |
pstmt.execute(); |
373 | 392 |
ResultSet rs = pstmt.getResultSet(); |
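Review bot: In `getAccessString(Vector<XMLAccessDAO>)` the block that set `permOrder = xmlAccessDAOList.get(0).getPermOrder();` (old lines 307-311) is deleted, which is a behaviour change in a commit described as formatting and comments only. The lines that declare `permOrder` and write it into the output are collapsed on this page, so it is not visible whether it is still assigned anywhere. If it is not, the serialized access section could carry a stale or empty permission order, which presumably affects how the allow and deny rules are interpreted by whoever consumes it. Either restore the guard, `if (!xmlAccessDAOList.isEmpty()) { permOrder = xmlAccessDAOList.get(0).getPermOrder(); }`, or confirm the value is set earlier and say so in the commit message. Separately, the reformatted constructor Javadoc still names `@param myAccessNumber` although the parameter is `accessionNumber`, and the `insertPermissions` and `accessControlExists` Javadoc lose their `@throws` tags without gaining `@throws AccessControlException`.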
Format and add comments.