| 65 |
65 |
* Here is the rules for user which has write permission in top level access
|
| 66 |
66 |
* rules(he can update metadata but can't update access module) try to update
|
| 67 |
67 |
* a document:
|
| 68 |
|
* 1. Checking access part (both in top level and addtional level, node by node)
|
|
68 |
* 1. Checking access part (both in top level and additional level, node by node)
|
| 69 |
69 |
* If something was modified, reject the document. Note: for additional part
|
| 70 |
70 |
* The access subtree startnode starts at "<describ>" rather than <access>.
|
| 71 |
71 |
* This is because make sure ids wouldn't be mess up by user.
|
| ... | ... | |
| 94 |
94 |
* The new rules.
|
| 95 |
95 |
*
|
| 96 |
96 |
*
|
| 97 |
|
* Here is some info about addtional access rules ( data object rules):
|
|
97 |
* Here is some info about additional access rules ( data object rules):
|
| 98 |
98 |
* The data access rules format looks like:
|
| 99 |
99 |
* <additionalMetadata>
|
| 100 |
100 |
* <describes>100</describes>
|
| ... | ... | |
| 182 |
182 |
|
| 183 |
183 |
private AccessSection topAccessSection;
|
| 184 |
184 |
|
| 185 |
|
private Vector addtionalAccessVector = new Vector();
|
|
185 |
private Vector additionalAccessVector = new Vector();
|
| 186 |
186 |
|
| 187 |
187 |
// key is subtree id and value is accessSection object
|
| 188 |
188 |
private Hashtable possibleReferencedAccessHash = new Hashtable();
|
| ... | ... | |
| 207 |
207 |
|
| 208 |
208 |
private Vector inlineFileIDList = new Vector();
|
| 209 |
209 |
|
| 210 |
|
private boolean inAddtionalMetaData = false;
|
|
210 |
private boolean inadditionalMetaData = false;
|
| 211 |
211 |
|
| 212 |
212 |
//user has unwritable inline data object when it updates a document
|
| 213 |
213 |
private boolean unWritableInlineDataObject = false;
|
| ... | ... | |
| 231 |
231 |
|
| 232 |
232 |
//This hashtable will stored the id which already has additional access
|
| 233 |
233 |
// control. So the top level access control will ignore them.
|
| 234 |
|
private Hashtable onlineURLIdHasAddtionalAccess = new Hashtable();
|
|
234 |
private Hashtable onlineURLIdHasadditionalAccess = new Hashtable();
|
| 235 |
235 |
|
| 236 |
236 |
// additional access module will be in additionalMetadata part. Its format
|
| 237 |
237 |
// look like
|
| ... | ... | |
| 476 |
476 |
catch (SQLException e)
|
| 477 |
477 |
{
|
| 478 |
478 |
throw new SAXException(
|
| 479 |
|
"EMLSAXHandler.getAddtionalAccessSubTreeListFromDB(): "
|
|
479 |
"EMLSAXHandler.getadditionalAccessSubTreeListFromDB(): "
|
| 480 |
480 |
+ e.getMessage());
|
| 481 |
481 |
}//catch
|
| 482 |
482 |
finally
|
| ... | ... | |
| 596 |
596 |
|
| 597 |
597 |
//start handle inline data
|
| 598 |
598 |
//=====================================================
|
| 599 |
|
if (qName.equals(INLINE) && !inAddtionalMetaData)
|
|
599 |
if (qName.equals(INLINE) && !inadditionalMetaData)
|
| 600 |
600 |
{
|
| 601 |
601 |
handleInlineData = true;
|
| 602 |
602 |
inLineDataIndex++;
|
| ... | ... | |
| 808 |
808 |
}
|
| 809 |
809 |
else if (attributeName != null && attributeName.equals(ID) &&
|
| 810 |
810 |
currentNode.getTagName().equals(DISTRIBUTION) &&
|
| 811 |
|
!inAddtionalMetaData)
|
|
811 |
!inadditionalMetaData)
|
| 812 |
812 |
{
|
| 813 |
813 |
// this is a distribution element and the id is distributionID
|
| 814 |
814 |
distributionId = attributeValue;
|
| ... | ... | |
| 835 |
835 |
// put parent node back
|
| 836 |
836 |
nodeStack.push(tmpNode);
|
| 837 |
837 |
String grandParentTag = grandParentNode.getTagName();
|
| 838 |
|
if (grandParentTag.equals(EML) && !inAddtionalMetaData)
|
|
838 |
if (grandParentTag.equals(EML) && !inadditionalMetaData)
|
| 839 |
839 |
{
|
| 840 |
840 |
processTopLeverAccess = true;
|
| 841 |
841 |
|
| 842 |
842 |
}
|
| 843 |
|
else if ( !inAddtionalMetaData )
|
|
843 |
else if ( !inadditionalMetaData )
|
| 844 |
844 |
{
|
| 845 |
845 |
// process other access embedded into resource level
|
| 846 |
846 |
// module
|
| ... | ... | |
| 852 |
852 |
// described element. If it has a descirbed element,
|
| 853 |
853 |
// this code would hurt any thing
|
| 854 |
854 |
processAdditionalAccess = true;
|
| 855 |
|
logMetacat.warn("accessing process addtional access true when meet access");
|
|
855 |
logMetacat.info("accessing process additional access true when meet access");
|
| 856 |
856 |
}
|
| 857 |
857 |
|
| 858 |
858 |
|
| ... | ... | |
| 939 |
939 |
|
| 940 |
940 |
if (currentNode.getTagName().equals(ADDITIONALMETADATA))
|
| 941 |
941 |
{
|
| 942 |
|
inAddtionalMetaData = true;
|
|
942 |
inadditionalMetaData = true;
|
| 943 |
943 |
}
|
| 944 |
944 |
else if (currentNode.getTagName().equals(DESCRIBES) &&
|
| 945 |
945 |
parentNode.getTagName().equals(ADDITIONALMETADATA) &&
|
| ... | ... | |
| 953 |
953 |
localName, prefix, MetacatUtil.normalize(null));
|
| 954 |
954 |
storedAccessNodeStack.push(nodeElement);
|
| 955 |
955 |
processAdditionalAccess = true;
|
| 956 |
|
logMetacat.warn("set processAdditonalAccess ture when meet describe");
|
|
956 |
logMetacat.info("set processAdditonalAccess true when meet describe");
|
| 957 |
957 |
}
|
| 958 |
|
else if (inAddtionalMetaData && processAdditionalAccess &&
|
|
958 |
else if (inadditionalMetaData && processAdditionalAccess &&
|
| 959 |
959 |
parentNode.getTagName().equals(ADDITIONALMETADATA) &&
|
| 960 |
960 |
!currentNode.getTagName().equals(DESCRIBES) &&
|
| 961 |
961 |
!currentNode.getTagName().equals(ACCESS))
|
| 962 |
962 |
{
|
| 963 |
|
// we start processAddtionalAccess module when first hit describes
|
|
963 |
// we start processadditionalAccess module when first hit describes
|
| 964 |
964 |
// in additionalMetadata. So this is possible, there are
|
| 965 |
965 |
// "describes" but not "access". So here is try to terminate
|
| 966 |
966 |
// processAddionalAccess. In this situation, there another element
|
| ... | ... | |
| 972 |
972 |
logMetacat.warn("set processAddtionAccess false if the there is no access in additional");
|
| 973 |
973 |
}
|
| 974 |
974 |
else if (currentNode.getTagName().equals(DISTRIBUTION) &&
|
| 975 |
|
!inAddtionalMetaData)
|
|
975 |
!inadditionalMetaData)
|
| 976 |
976 |
{
|
| 977 |
977 |
proccessDistribution = true;
|
| 978 |
978 |
}
|
| ... | ... | |
| 1258 |
1258 |
}
|
| 1259 |
1259 |
|
| 1260 |
1260 |
}
|
| 1261 |
|
else if (currentTag.equals(URL) && !inAddtionalMetaData)
|
|
1261 |
else if (currentTag.equals(URL) && !inadditionalMetaData)
|
| 1262 |
1262 |
{
|
| 1263 |
1263 |
//handle online data, make sure its'parent is online
|
| 1264 |
1264 |
DBSAXNode parentNode = (DBSAXNode) nodeStack.peek();
|
| ... | ... | |
| 1337 |
1337 |
// put discribesId into the accessobject and put this
|
| 1338 |
1338 |
// access object into vector
|
| 1339 |
1339 |
newAccessObject.setDescribedIdList(describesId);
|
| 1340 |
|
addtionalAccessVector.add(newAccessObject);
|
|
1340 |
additionalAccessVector.add(newAccessObject);
|
| 1341 |
1341 |
|
| 1342 |
1342 |
}//if
|
| 1343 |
1343 |
else if (processOtherAccess)
|
| ... | ... | |
| 1372 |
1372 |
//reset describesId
|
| 1373 |
1373 |
describesId = null;
|
| 1374 |
1374 |
describesId = new Vector();
|
| 1375 |
|
inAddtionalMetaData = false;
|
|
1375 |
inadditionalMetaData = false;
|
| 1376 |
1376 |
firstDescribesNodeId = -1;
|
| 1377 |
1377 |
// reset tmp stored node stack
|
| 1378 |
1378 |
storedAccessNodeStack = null;
|
| ... | ... | |
| 1380 |
1380 |
|
| 1381 |
1381 |
|
| 1382 |
1382 |
}
|
| 1383 |
|
else if (currentTag.equals(DISTRIBUTION) && !inAddtionalMetaData)
|
|
1383 |
else if (currentTag.equals(DISTRIBUTION) && !inadditionalMetaData)
|
| 1384 |
1384 |
{
|
| 1385 |
1385 |
//reset distribution id
|
| 1386 |
1386 |
distributionId = null;
|
| 1387 |
1387 |
proccessDistribution = false;
|
| 1388 |
1388 |
}
|
| 1389 |
|
else if (currentTag.equals(OFFLINE) && !inAddtionalMetaData)
|
|
1389 |
else if (currentTag.equals(OFFLINE) && !inadditionalMetaData)
|
| 1390 |
1390 |
{
|
| 1391 |
1391 |
if (distributionId != null)
|
| 1392 |
1392 |
{
|
| ... | ... | |
| 1394 |
1394 |
}
|
| 1395 |
1395 |
}
|
| 1396 |
1396 |
else if ((currentTag.equals(CONNECTION) || currentTag.equals(CONNECTIONDEFINITION))
|
| 1397 |
|
&& !inAddtionalMetaData)
|
|
1397 |
&& !inadditionalMetaData)
|
| 1398 |
1398 |
{
|
| 1399 |
1399 |
//handle online data, make sure its'parent is online
|
| 1400 |
1400 |
DBSAXNode parentNode = (DBSAXNode) nodeStack.peek();
|
| ... | ... | |
| 1721 |
1721 |
|
| 1722 |
1722 |
//compare additional level
|
| 1723 |
1723 |
int oldSize = unChangebleAdditionalAccessSubTreeVector.size();
|
| 1724 |
|
int newSize = addtionalAccessVector.size();
|
|
1724 |
int newSize = additionalAccessVector.size();
|
| 1725 |
1725 |
// if size is different, use deleted or added rules, so throw a exception
|
| 1726 |
1726 |
if (oldSize != newSize)
|
| 1727 |
1727 |
{
|
| ... | ... | |
| 1734 |
1734 |
AccessSection fromDB = (AccessSection)
|
| 1735 |
1735 |
unChangebleAdditionalAccessSubTreeVector.elementAt(i);
|
| 1736 |
1736 |
AccessSection fromParser = (AccessSection)
|
| 1737 |
|
addtionalAccessVector.elementAt(i);
|
|
1737 |
additionalAccessVector.elementAt(i);
|
| 1738 |
1738 |
compareAccessSubtree(fromDB, fromParser);
|
| 1739 |
1739 |
}
|
| 1740 |
1740 |
|
| ... | ... | |
| 1824 |
1824 |
//write additional access rule, and old records in xml_access will be
|
| 1825 |
1825 |
//deleted too
|
| 1826 |
1826 |
//System.out.println("before write additional access rules");
|
| 1827 |
|
writeAddtionalAccessRuleToDB();
|
|
1827 |
writeadditionalAccessRuleToDB();
|
| 1828 |
1828 |
//System.out.println("after write additional access rules");
|
| 1829 |
1829 |
//write top leve access rule, and old records in xml_access will be
|
| 1830 |
1830 |
//deleted too
|
| ... | ... | |
| 1877 |
1877 |
else
|
| 1878 |
1878 |
{
|
| 1879 |
1879 |
// search it the additional access
|
| 1880 |
|
for ( int i = 0; i <addtionalAccessVector.size(); i++)
|
|
1880 |
for ( int i = 0; i <additionalAccessVector.size(); i++)
|
| 1881 |
1881 |
{
|
| 1882 |
1882 |
AccessSection additionalAccess = (AccessSection)
|
| 1883 |
|
addtionalAccessVector.elementAt(i);
|
|
1883 |
additionalAccessVector.elementAt(i);
|
| 1884 |
1884 |
String additionId = additionalAccess.getSubTreeId();
|
| 1885 |
1885 |
if (additionId != null && additionId.equals(reference))
|
| 1886 |
1886 |
{
|
| ... | ... | |
| 1947 |
1947 |
* deleted
|
| 1948 |
1948 |
* If no describedId in the access object, this access rules will be ingorned
|
| 1949 |
1949 |
*/
|
| 1950 |
|
private void writeAddtionalAccessRuleToDB() throws SAXException
|
|
1950 |
private void writeadditionalAccessRuleToDB() throws SAXException
|
| 1951 |
1951 |
{
|
| 1952 |
|
//System.out.println("in write addtional");
|
|
1952 |
//System.out.println("in write additional");
|
| 1953 |
1953 |
// we should delete all inline access rules in xml_access if
|
| 1954 |
1954 |
// user has all permission
|
| 1955 |
1955 |
if (!needCheckingAccessModule)
|
| 1956 |
1956 |
{
|
| 1957 |
1957 |
deleteAllInlineDataAccessRules();
|
| 1958 |
1958 |
}
|
| 1959 |
|
for (int i=0; i < addtionalAccessVector.size(); i++)
|
|
1959 |
for (int i=0; i < additionalAccessVector.size(); i++)
|
| 1960 |
1960 |
{
|
| 1961 |
|
//System.out.println("in for loop of write addtional");
|
| 1962 |
|
AccessSection access = (AccessSection)addtionalAccessVector.elementAt(i);
|
|
1961 |
//System.out.println("in for loop of write additional");
|
|
1962 |
AccessSection access = (AccessSection)additionalAccessVector.elementAt(i);
|
| 1963 |
1963 |
Vector describeIdList = access.getDescribedIdList();
|
| 1964 |
1964 |
// if this access is a reference, a new access object will be created
|
| 1965 |
1965 |
// which contains the real access rules referenced. Also, each access tree
|
| ... | ... | |
| 2019 |
2019 |
// put the id into a hashtalbe. So when we run wirtetop level
|
| 2020 |
2020 |
// access, those id will be ignored because they already has
|
| 2021 |
2021 |
// additional access rules
|
| 2022 |
|
onlineURLIdHasAddtionalAccess.put(subreeid, subreeid);
|
|
2022 |
onlineURLIdHasadditionalAccess.put(subreeid, subreeid);
|
| 2023 |
2023 |
}
|
| 2024 |
2024 |
}//elseif
|
| 2025 |
2025 |
}//if
|
| ... | ... | |
| 2029 |
2029 |
}//writeAdditonalLevelAccessRuletoDB
|
| 2030 |
2030 |
|
| 2031 |
2031 |
|
| 2032 |
|
/* The method to write addtional access rule into db. */
|
|
2032 |
/* The method to write additional access rule into db. */
|
| 2033 |
2033 |
private void writeTopLevelAccessRuleToDB() throws SAXException
|
| 2034 |
2034 |
{
|
| 2035 |
2035 |
// if top access is reference, we need figure out the real access rules
|
| ... | ... | |
| 2056 |
2056 |
while (em.hasMoreElements())
|
| 2057 |
2057 |
{
|
| 2058 |
2058 |
String onlineSubtreeId = (String)em.nextElement();
|
| 2059 |
|
if (!onlineURLIdHasAddtionalAccess.containsKey(onlineSubtreeId))
|
|
2059 |
if (!onlineURLIdHasadditionalAccess.containsKey(onlineSubtreeId))
|
| 2060 |
2060 |
{
|
| 2061 |
2061 |
String url =
|
| 2062 |
2062 |
(String)onlineURLDistributionIdList.get(onlineSubtreeId);
|
| ... | ... | |
| 2286 |
2286 |
long startNodeId = -1;
|
| 2287 |
2287 |
if (level != null && level.equals(DATAACCESSLEVEL))
|
| 2288 |
2288 |
{
|
| 2289 |
|
// for addtional access module the start node id should be
|
|
2289 |
// for additional access module the start node id should be
|
| 2290 |
2290 |
// descirbes element id
|
| 2291 |
2291 |
startNodeId = accessSection.getStartedDescribesNodeId();
|
| 2292 |
2292 |
// if in additional access, there is not describes element,
|
fix spelling of word additional