Project

General

Profile

« Previous | Next » 

Revision 5693

allow public access to log information when docid is given. IP and principal are not returned unless an administrator makes the request.

View differences:

src/edu/ucsb/nceas/metacat/EventLog.java
156 156
	 * @return an XML-formatted report of the access log entries
157 157
     */
158 158
    public String getReport(String[] ipAddress, String[] principal, String[] docid,
159
            String[] event, Timestamp startDate, Timestamp endDate)
159
            String[] event, Timestamp startDate, Timestamp endDate, boolean anonymous)
160 160
    {
161 161
        StringBuffer resultDoc = new StringBuffer();
162 162
        StringBuffer query = new StringBuffer();
......
229 229
            resultDoc.append("<?xml version=\"1.0\"?>\n");
230 230
            resultDoc.append("<log>\n");
231 231
            while (rs.next()) {
232
                resultDoc.append(generateXmlRecord(rs.getString(1), rs.getString(2),
233
                                rs.getString(3), rs.getString(4), 
234
                                rs.getString(5), rs.getTimestamp(6)));
232
                resultDoc.append(
233
                		generateXmlRecord(
234
                				rs.getString(1), //id
235
                				anonymous ? "" : rs.getString(2), //ip
236
                				anonymous ? "" : rs.getString(3), //principal
237
                                rs.getString(4), 
238
                                rs.getString(5), 
239
                                rs.getTimestamp(6)));
235 240
            }
236 241
            resultDoc.append("</log>");
237 242
            stmt.close();
src/edu/ucsb/nceas/metacat/MetacatHandler.java
1999 1999
            HttpServletResponse response, String username, String[] groups) {
2000 2000
        Logger logMetacat = Logger.getLogger(MetaCatServlet.class);
2001 2001
        try {
2002
            response.setContentType("text/xml");
2003
            PrintWriter out = response.getWriter();
2002
        	// figure out the output as part of the action
2003
            PrintWriter out = null;
2004 2004
            
2005
            // Check that the user is authenticated as an administrator account
2006
            if (!AuthUtil.isAdministrator(username, groups)) {
2007
                out.print("<error>");
2008
                out.print("The user \"" + username +
2009
                        "\" is not authorized for this action.");
2010
                out.print("</error>");
2011
                return;
2005
            String[] qformatParam = params.get("qformat");
2006
            String qformat = null;
2007
            if (qformatParam != null && qformatParam.length > 0) {
2008
            	qformat = qformatParam[0];
2012 2009
            }
2013 2010
            
2014 2011
            // Get all of the parameters in the correct formats
......
2041 2038
                e.printStackTrace(System.out);
2042 2039
            }
2043 2040
            
2044
            // Request the report by passing the filter parameters
2045
            out.println(EventLog.getInstance().getReport(ipAddress, principal,
2046
                    docid, event, startDate, endDate));
2047
            out.close();
2041
            boolean anon = false;
2042
            // Check that the user is authenticated as an administrator account
2043
            if (!AuthUtil.isAdministrator(username, groups)) {
2044
                anon = true;
2045
            	// public can view only for a specific doc id
2046
                if (docid == null || docid.length == 0) {
2047
                	response.setContentType("text/xml");
2048
                    out = response.getWriter();
2049
	                out.print("<error>");
2050
	                out.print("The user \"" + username +
2051
	                        "\" is not authorized for this action.");
2052
	                out.print("</error>");
2053
	                return;
2054
                }
2055
            }
2056
            
2057
            String report = 
2058
            	EventLog.getInstance().getReport(
2059
            		ipAddress, 
2060
            		principal,
2061
                    docid, 
2062
                    event, 
2063
                    startDate, 
2064
                    endDate, 
2065
                    anon);
2066
            
2067
            // something other than xml
2068
            if (qformat != null && !qformat.equals("xml")) {
2069
                response.setContentType("text/html");
2070
                out = response.getWriter();
2071
                
2072
                try {
2073
	                DBTransform trans = new DBTransform();
2074
	                trans.transformXMLDocument(
2075
	                		report,
2076
	                        "-//NCEAS//log//EN", 
2077
	                        "-//W3C//HTML//EN", 
2078
	                        qformat,
2079
	                        out, 
2080
	                        null, 
2081
	                        null);
2082
	            } catch (Exception e) {               
2083
	                logMetacat.error("MetaCatServlet.handleGetLogAction - General error"
2084
	                        + e.getMessage());
2085
	                e.printStackTrace(System.out);
2086
	            }
2087
            } else {
2088
            	// output as xml
2089
            	response.setContentType("text/xml");
2090
                out = response.getWriter();
2091
                out.println(report);
2092
	            out.close();
2093
            }
2094
            
2048 2095
        } catch (IOException e) {
2049 2096
            logMetacat.error("MetaCatServlet.handleGetLogAction - Could not open http response for writing: "
2050 2097
                    + e.getMessage());
src/edu/ucsb/nceas/metacat/dataone/CrudService.java
1125 1125
        
1126 1126
        String report = el.getReport(null, null, null, null, 
1127 1127
                new java.sql.Timestamp(fromDate.getTime()), 
1128
                new java.sql.Timestamp(toDate.getTime()));
1128
                new java.sql.Timestamp(toDate.getTime()), false);
1129 1129
        
1130 1130
        //System.out.println("report: " + report);
1131 1131
        

Also available in: Unified diff