Project

General

Profile

« Previous | Next » 

Revision 570

Added by bojilova over 24 years ago

AccessControlList
- methods for parsing and loading acl file
- checkup method for permission for given principal on given resource
DBQuery
- checkup for READ permission using AccessControlList.hasPermission()
DocumentImpl
- using AccessControlList object to parse and load an acl file into xml_access table
- checkup for WRITE permission on UPDATE action using the same AccessControl.hasPermission()

View differences:

src/edu/ucsb/nceas/metacat/DBQuery.java
168 168
        boolean tableHasRows = rs.next();
169 169
        while (tableHasRows) {
170 170
          docid = rs.getString(1);
171
          if ( !hasReadPermission(conn, docid, user, group) ) {continue;}
171
          if ( !hasPermission(conn, user, group, docid) ) {continue;}
172 172
          docname = rs.getString(2);
173 173
          doctype = rs.getString(3);
174 174
          doctitle = rs.getString(4);
......
274 274
          while(tableHasRows) 
275 275
          {
276 276
            docid = rs.getString(1);
277
            if ( !hasReadPermission(conn, docid, user, group) ) {continue;}
277
            if ( !hasPermission(conn, user, group, docid) ) {continue;}
278 278
            fieldname = rs.getString(2);
279 279
            fielddata = rs.getString(3);
280 280
            
......
635 635
     return createQuery(value, "any");
636 636
   }
637 637
   
638
  /** Check for "read" permissions from DB connection */
639
  private boolean hasReadPermission(Connection conn, String docid, 
640
                                     String user, String group) 
641
                                     throws SQLException {
638
  /** 
639
    * Check for "READ" permission on @docid for @user and/or @group 
640
    * from DB connection 
641
    */
642
  private boolean hasPermission ( Connection conn, String user,
643
                                  String group, String docid ) 
644
                  throws SQLException 
645
  {
642 646
    // b' of the command line invocation
643 647
    if ( (user == null) && (group == null) ) {
644 648
      return true;
645 649
    }
646 650
    
647
    PreparedStatement pstmt;
648
    // checking if user is owner of docid or if docid has public access
649
    try {
650
      pstmt = conn.prepareStatement(
651
                   "SELECT 'x' FROM xml_documents " +
652
                   "WHERE docid LIKE ? AND user_owner LIKE ? " + 
653
                   "UNION " +
654
                   "SELECT 'x' FROM xml_documents " +
655
                   "WHERE docid LIKE ? AND public_access = 1");
656
      // Bind the values to the query
657
      pstmt.setString(1, docid);
658
      pstmt.setString(2, user);
659
      pstmt.setString(3, docid);
660

  
661
      pstmt.execute();
662
      ResultSet rs = pstmt.getResultSet();
663
      boolean hasRow = rs.next();
664
      pstmt.close();
665
      if (hasRow) {
666
        return true;
667
      }
668
      
669
    } catch (SQLException e) {
670
      throw new 
671
        SQLException("Error checking document's owner or public access: "
672
                      + e.getMessage());
651
    // Check for READ permission on @docid for @user and/or @group
652
    AccessControlList aclobj = new AccessControlList(conn);
653
    boolean hasPermission = aclobj.hasPermission("READ",user,docid);
654
    if ( !hasPermission && group != null ) {
655
      hasPermission = aclobj.hasPermission("READ",group,docid);
673 656
    }
674

  
675
    // checking if docid has public access at this time
676
    try {
677
      pstmt = conn.prepareStatement(
678
                   "SELECT 'x' FROM xml_access " +
679
                   "WHERE docid LIKE ? " +
680
                   "AND principal_name = 'public' " +
681
                   "AND principal_type = 'user' " +
682
                   "AND sysdate BETWEEN nvl(begin_time,sysdate) " +
683
                                   "AND nvl(end_time,sysdate)");
684
      // Bind the values to the query
685
      pstmt.setString(1, docid);
686

  
687
      pstmt.execute();
688
      ResultSet rs = pstmt.getResultSet();
689
      boolean hasRow = rs.next();
690
      pstmt.close();
691
      if (hasRow) {
692
        return true;
693
      }
694
      
695
    } catch (SQLException e) {
696
      throw new 
697
        SQLException("Error checking doc's public access: " + e.getMessage());
698
    }
699

  
700
    // checking access type from xml_access table
701
    int accesstype = 0;
702
    try {
703
      pstmt = conn.prepareStatement(
704
                   "SELECT access_type FROM xml_access " +
705
                   "WHERE docid LIKE ? " + 
706
                   "AND principal_name LIKE ? " +
707
                   "AND principal_type = 'user' " +
708
                   "AND sysdate BETWEEN nvl(begin_time,sysdate) " +
709
                                   "AND nvl(end_time,sysdate) " +
710
                   "UNION " +
711
                   "SELECT access_type FROM xml_access " +
712
                   "WHERE docid LIKE ? " + 
713
                   "AND principal_name LIKE ? " +
714
                   "AND principal_type = 'group' " +
715
                   "AND sysdate BETWEEN nvl(begin_time,sysdate) " +
716
                                   "AND nvl(end_time,sysdate)");
717
      // Bind the values to the query
718
      pstmt.setString(1, docid);
719
      pstmt.setString(2, user);
720
      pstmt.setString(3, docid);
721
      pstmt.setString(4, group);
722

  
723
      pstmt.execute();
724
      ResultSet rs = pstmt.getResultSet();
725
      boolean hasRows = rs.next();
726
      while ( hasRows ) {
727
        accesstype = rs.getInt(1);
728
        if ( (accesstype & READ) == READ ) {
729
          pstmt.close();
730
          return true;
731
        }
732
        hasRows = rs.next();
733
      }
734

  
735
      pstmt.close();
736
      return false;
737
      
738
    } catch (SQLException e) {
739
      throw new 
740
      SQLException("Error getting document's permissions: " + e.getMessage());
741
    }
657
    
658
    return hasPermission;
742 659
  }
743 660
   
744 661
}
src/edu/ucsb/nceas/metacat/DocumentImpl.java
771 771

  
772 772
    if ( action.equals("UPDATE") ) {
773 773
      // check for 'write' permission for 'user' to update this document
774
      if ( !hasWritePermission(conn, docid, user, group) ) {
774
      if ( !hasPermission(conn, user, group, docid) ) {
775 775
        throw new Exception("User " + user + 
776 776
              " does not have permission to update XML Document #" + docid);
777 777
      }          
......
828 828
    String newdocid = ac.generate(docid, "DELETE");
829 829

  
830 830
    // check for 'write' permission for 'user' to delete this document
831
    if ( !hasWritePermission(conn, docid, user, group) ) {
831
    if ( !hasPermission(conn, user, group, docid) ) {
832 832
      throw new Exception("User " + user + 
833 833
              " does not have permission to delete XML Document #" + docid);
834 834
    }
......
846 846
    conn.setAutoCommit(true);
847 847
  }
848 848
  
849
  /** Check for "write" permissions from DB connection */
850
  private static boolean hasWritePermission(Connection conn, String docid, 
851
                                     String user, String group) 
852
                                     throws SQLException {
849
  /** 
850
    * Check for "WRITE" permission on @docid for @user and/or @group 
851
    * from DB connection 
852
    */
853
  private static boolean hasPermission( Connection conn, String user,
854
                                        String group, String docid) 
855
                         throws SQLException 
856
  {
853 857
    // b' of the command line invocation
854 858
    if ( (user == null) && (group == null) ) {
855 859
      return true;
856 860
    }
857 861

  
858
    PreparedStatement pstmt;
859
    // checking if user is owner of docid
860
    try {
861
      pstmt = conn.prepareStatement(
862
                   "SELECT 'x' FROM xml_documents " +
863
                   "WHERE docid LIKE ? AND user_owner LIKE ?");
864
      // Bind the values to the query
865
      pstmt.setString(1, docid);
866
      pstmt.setString(2, user);
867

  
868
      pstmt.execute();
869
      ResultSet rs = pstmt.getResultSet();
870
      boolean hasRow = rs.next();
871
      pstmt.close();
872
      if (hasRow) {
873
        return true;
874
      }
875
      
876
    } catch (SQLException e) {
877
      throw new 
878
        SQLException("Error checking document's owner: " + e.getMessage());
862
    // Check for WRITE permission on @docid for @user and/or @group
863
    AccessControlList aclobj = new AccessControlList(conn);
864
    boolean hasPermission = aclobj.hasPermission("WRITE",user,docid);
865
    if ( !hasPermission && group != null ) {
866
      hasPermission = aclobj.hasPermission("WRITE",group,docid);
879 867
    }
880

  
881
    // checking access type from xml_access table
882
    int accesstype = 0;
883
    try {
884
      pstmt = conn.prepareStatement(
885
                   "SELECT access_type FROM xml_access " +
886
                   "WHERE docid LIKE ? " + 
887
                   "AND principal_name LIKE ? " +
888
                   "AND principal_type = 'user' " +
889
                   "AND sysdate BETWEEN nvl(begin_time,sysdate) " +
890
                                   "AND nvl(end_time,sysdate) " +
891
                   "UNION " +
892
                   "SELECT access_type FROM xml_access " +
893
                   "WHERE docid LIKE ? " + 
894
                   "AND principal_name LIKE ? " +
895
                   "AND principal_type = 'group' " +
896
                   "AND sysdate BETWEEN nvl(begin_time,sysdate) " +
897
                                   "AND nvl(end_time,sysdate)");
898
      // Bind the values to the query
899
      pstmt.setString(1, docid);
900
      pstmt.setString(2, user);
901
      pstmt.setString(3, docid);
902
      pstmt.setString(4, group);
903

  
904
      pstmt.execute();
905
      ResultSet rs = pstmt.getResultSet();
906
      boolean hasRows = rs.next();
907
      while ( hasRows ) {
908
        accesstype = rs.getInt(1);
909
        if ( (accesstype & WRITE) == WRITE ) {
910
          pstmt.close();
911
          return true;
912
        }
913
        hasRows = rs.next();
914
      }
915

  
916
      pstmt.close();
917
      return false;
918
      
919
    } catch (SQLException e) {
920
      throw new 
921
      SQLException("Error getting document's permissions: " + e.getMessage());
922
    }
868
    
869
    return hasPermission;
923 870
  }
924 871

  
925 872
  /**
src/edu/ucsb/nceas/metacat/AccessControlList.java
38 38
  static final int WRITE = 2;
39 39
  static final int READ = 4;
40 40

  
41
  private Connection  conn;
42
  private String docid;
41
  private Connection conn;
43 42
  private String parserName;
44 43
  private Stack elementStack;
45 44

  
46
  private Vector allow  = new Vector();
47
  private Vector begin1 = new Vector();
48
  private Vector end1   = new Vector();
49
  private Vector count1 = new Vector();
50

  
51
  private Vector denyv  = new Vector();
52
  private Vector begin2 = new Vector();
53
  private Vector end2   = new Vector();
54
  private Vector count2 = new Vector();
45
  private String resourceId;
46
  private Vector principalName;
47
  private int    permission;
48
  private String permType;
49
  private String permOrder;
50
  private String beginTime;
51
  private String endTime;
52
  private int    ticketCount;
55 53
  
56
  private String principal_name = "";
57
  private String principal_type;
58
  private int permission = 0;
59
  private String begin_time;
60
  private String end_time;
61
  private int count;
62
  private int deny;
63
  
64 54
  /**
65 55
   * Construct an instance of the AccessControlList class.
56
   * It is used by the permission check up from DBQuery and DocumentImpl
57
   *
58
   * @param conn the JDBC connection where acl data are loaded
59
   */
60
  public AccessControlList ( Connection conn )
61
  {
62
    this.conn = conn;
63
  }
64

  
65
  /**
66
   * Construct an instance of the AccessControlList class.
66 67
   * It parse acl file and loads acl data into db connection.
67 68
   *
68 69
   * @param conn the JDBC connection where acl data are loaded
69 70
   * @param docid the Accession# of the document with the acl data
70
   * @param acl the acl file containing acl data for the document
71
   * @param acl the acl file containing acl data
71 72
   */
72 73
  public AccessControlList ( Connection conn, String docid, Reader acl )
73 74
                  throws SAXException, IOException, ClassNotFoundException 
......
77 78
    String parserName = util.getOption("saxparser");
78 79

  
79 80
    this.conn = conn;
80
    this.docid = docid;
81 81
    this.parserName = parserName;
82
    elementStack = new Stack();
82
    this.elementStack = new Stack();
83
    
84
    this.principalName = new Vector();
85
    this.permission = 0;
86
    this.ticketCount = 0;
83 87

  
84 88
    // Initialize the parser and read the queryspec
85 89
    XMLReader parser = initializeParser();
......
87 91

  
88 92
  }
89 93

  
94
  /**
95
   * Construct an instance of the AccessControlList class.
96
   * It parse acl file and loads acl data into db connection.
97
   *
98
   * @param conn the JDBC connection where acl data are loaded
99
   * @param docid the Accession# of the document with the acl data
100
   * @param aclfilename the name of acl file containing acl data
101
   */
90 102
  public AccessControlList( Connection conn, String docid, String aclfilename )
91 103
                  throws SAXException, IOException, ClassNotFoundException 
92 104
  {
......
128 140
        currentNode.setAttribute(atts.getLocalName(i), atts.getValue(i));
129 141
      }
130 142
    }
143
    if ( currentNode.getTagName().equals("resource") ) {
144
      permOrder = currentNode.getAttribute("order");
145
    }
131 146
    elementStack.push(currentNode); 
132 147
  }
133 148

  
......
143 158
    BasicNode currentNode = (BasicNode)elementStack.peek(); 
144 159
    String currentTag = currentNode.getTagName();
145 160

  
146
    if (currentTag.equals("groupName")) {
147
      principal_name = inputString;
148
      principal_type = "group";
149
    } else if (currentTag.equals("userName")) {
150
      principal_name = inputString;
151
      principal_type = "user";
161
    if (currentTag.equals("resourceIdentifier")) {
162
      resourceId = inputString;
163
    } else if (currentTag.equals("principalName")) {
164
      principalName.addElement(new String(inputString));
152 165
    } else if (currentTag.equals("permission")) {
153 166
      if ( inputString.trim().toUpperCase().equals("READ") ) {
154 167
        permission = permission | READ;
......
158 171
        permission = permission | ALL;
159 172
      }
160 173
    } else if (currentTag.equals("duration") && 
161
               begin_time == null && end_time == null ) {
174
               beginTime == null && endTime == null ) {
162 175
      try {
163
        begin_time = inputString.substring(0, inputString.indexOf(" "));
164
        end_time = inputString.substring(inputString.indexOf(" ")+1);
176
        beginTime = inputString.substring(0, inputString.indexOf(" "));
177
        endTime = inputString.substring(inputString.indexOf(" ")+1);
165 178
      } catch (StringIndexOutOfBoundsException se) {
166
        begin_time = inputString;
179
        beginTime = inputString;
167 180
      }
168
    } else if (currentTag.equals("count") && count == 0 ) {
169
      count = (new Integer(inputString.trim())).intValue();
181
    } else if (currentTag.equals("ticketCount") && ticketCount == 0 ) {
182
      ticketCount = (new Integer(inputString.trim())).intValue();
170 183
    }
171 184
  }
172 185

  
......
179 192
         throws SAXException 
180 193
  {
181 194
    BasicNode leaving = (BasicNode)elementStack.pop(); 
182
    if ( leaving.getTagName().equals("allow") && permission > 0 ) {
183
      // collect allowed permissions in a Vector variable allow
184
      allow.add(new Integer(permission));
185
      begin1.add(begin_time);
186
      end1.add(end_time);
187
      count1.add(new Integer(count));
195
    if ( leaving.getTagName().equals("allow") ) {
196
      
197
      if ( permission > 0 ) {
188 198

  
199
        // insert into db calculated permission for the list of principals
200
        try {
201
          insertPermissions("allowed");
202
        } catch (SQLException sqle) {
203
          throw new SAXException(sqle);
204
        }
205
      }
206

  
189 207
      // reset the allowed permission
208
      principalName = new Vector();
190 209
      permission = 0;
191
      begin_time = null;
192
      end_time = null;
193
      count = 0;
210
      beginTime = null;
211
      endTime = null;
212
      ticketCount = 0;
194 213
    
195
    } else if ( leaving.getTagName().equals("deny") && permission > 0 ) {
196
      // collect denied permissions in a Vector variable denyv
197
      denyv.add(new Integer(permission));
198
      begin2.add(begin_time);
199
      end2.add(end_time);
200
      count2.add(new Integer(count));
214
    } else if ( leaving.getTagName().equals("deny") ) {
215
      
216
      if ( permission > 0 ) {
201 217

  
202
      // reset the denied permission
203
      permission = 0;
204
      begin_time = null;
205
      end_time = null;
206
      count = 0;
207

  
208
    } else if ( leaving.getTagName().equals("accessControl") ) {
209
      // when order attribute for <accessControl> is specified to "denyFirst"
210
      // exclude the allowed permissions from the list of denied ones
211
      if ( leaving.getAttribute("order").equals("denyFirst") ) {
212
        for ( int i = 0; i < allow.size(); i++ ) {
213
          for ( int j = 0; j < denyv.size(); j++ ) {
214
            denyv.setElementAt( 
215
            new Integer(((Integer)denyv.elementAt(j)).intValue() & 
216
                        ~((Integer)allow.elementAt(i)).intValue()), j);
217
          }
218
        // insert into db calculated permission for the list of principals
219
        try {
220
          insertPermissions("denied");
221
        } catch (SQLException sqle) {
222
          throw new SAXException(sqle);
218 223
        }
219 224
      }
220 225

  
221
      // insert into db connection collected permissions for the principal
222
      try {
223
        insertPermissions();
224
      } catch (SQLException sqle) {
225
        throw new SAXException(sqle);
226
      }
226
      // reset the denied permission
227
      principalName = new Vector();
228
      permission = 0;
229
      beginTime = null;
230
      endTime = null;
231
      ticketCount = 0;
227 232

  
228
      // reset the list of allowed and denied permissions 
229
      // for use for the next principal
230
      allow  = new Vector();
231
      begin1 = new Vector();
232
      end1   = new Vector();
233
      count1 = new Vector();
233
    } else if ( leaving.getTagName().equals("resource") ) {
234
      // reset the resource identifier
235
      resourceId = null;
236
      permOrder = null;
237
    }
234 238

  
235
      denyv  = new Vector();
236
      begin2 = new Vector();
237
      end2   = new Vector();
238
      count2 = new Vector();
239

  
240
    } else if ( leaving.getTagName().equals("user") || 
241
                leaving.getTagName().equals("group") ) {
242
//      try {                  
243
//        principal_name = 
244
//        principal_name.substring(0, principal_name.lastIndexOf("."));
245
//      } catch (StringIndexOutOfBoundsException se) {
246
        // reset the name of the current principal for next use
247
        principal_name = "";
248
//      }
249
    }
250 239
  }
251 240
                          
252
  /** Insert into db connection collected permissions for a principal */
253
  private void insertPermissions() 
241
  /** Insert into db calculated permission for the list of principals */
242
  private void insertPermissions( String permType ) 
254 243
          throws SQLException 
255 244
  {
256 245
    PreparedStatement pstmt;
......
258 247
    try {
259 248
      pstmt = conn.prepareStatement(
260 249
              "INSERT INTO xml_access " + 
261
              "(docid, principal_name, principal_type, " +
262
              "permission, begin_time, end_time, ticket_counter, deny)" +
263
              "VALUES (?, ?, ?, ?, to_date(?,'mm/dd/yy'), " +
264
              " to_date(?,'mm/dd/yy'), ?, ?)");
250
              "(docid,principal_name,permission,perm_type,perm_order," +
251
              "begin_time,end_time,ticket_count) VALUES " +
252
              "(?,?,?,?,?,to_date(?,'mm/dd/yy'),to_date(?,'mm/dd/yy'),?)");
265 253
      // Bind the values to the query
266
      pstmt.setString(1, docid);
267
      pstmt.setString(2, principal_name);
268
      pstmt.setString(3, principal_type);
269
      // insert the allowed permissions first
270
      for ( int i = 0; i < allow.size(); i++ ) {
271
        pstmt.setInt(4, ((Integer)allow.elementAt(i)).intValue());
272
        pstmt.setString(5, (String)begin1.elementAt(i));
273
        pstmt.setString(6, (String)end1.elementAt(i));
274
        if ( ((Integer)count1.elementAt(i)).intValue() > 0 ) {
275
          pstmt.setString(7, "" + ((Integer)count1.elementAt(i)).intValue());
276
        } else {
277
          pstmt.setString(7, "");
278
        }
254
      pstmt.setString(1, resourceId);
255
      pstmt.setInt(3, permission);
256
      pstmt.setString(4, permType);
257
      pstmt.setString(5, permOrder);
258
      pstmt.setString(6, beginTime);
259
      pstmt.setString(7, endTime);
260
      if ( ticketCount > 0 ) {
261
        pstmt.setString(8, "" + ticketCount);
262
      } else {
279 263
        pstmt.setString(8, "");
264
      }
265
      for ( int i = 0; i < principalName.size(); i++ ) {
266
        pstmt.setString(2, (String)principalName.elementAt(i));
267
        pstmt.execute();
268
      }
280 269

  
270
    } catch (SQLException e) {
271
      throw new 
272
      SQLException("AccessControlList.insertPermissions(): " + e.getMessage());
273
    }
274
  }
275

  
276
  /** Check for @permission for @principal on @resourceId from db connection */
277
  public boolean hasPermission ( String permission, String principal,
278
                                 String resourceId )
279
                 throws SQLException
280
  {
281
    PreparedStatement pstmt;
282
    // check public access to @resourceId from xml_documents table
283
    if ( permission.equals("READ") ) {
284
      try {
285
        pstmt = conn.prepareStatement(
286
                "SELECT 'x' FROM xml_documents " +
287
                "WHERE docid LIKE ? AND public_access = 1");
288
        // Bind the values to the query
289
        pstmt.setString(1, principal);
290

  
281 291
        pstmt.execute();
292
        ResultSet rs = pstmt.getResultSet();
293
        boolean hasRow = rs.next();
294
        pstmt.close();
295
        if (hasRow) {
296
          return true;
297
        }
298
//System.out.println("Passed the check for public access");      
299

  
300
      } catch (SQLException e) {
301
        throw new 
302
        SQLException("Error checking document's public access: "
303
                      + e.getMessage());
282 304
      }
305
    }
306
    
307
    // since owner of resource has all permission on it,
308
    // check if @principal is owner of @resourceId in xml_documents table
309
    if ( principal != null ) {
310
      try {
311
        pstmt = conn.prepareStatement(
312
                "SELECT 'x' FROM xml_documents " +
313
                "WHERE docid LIKE ? AND user_owner LIKE ?");
314
        // Bind the values to the query
315
        pstmt.setString(1, resourceId);
316
        pstmt.setString(2, principal);
283 317

  
284
      // insert the denied permissions
285
      for ( int i = 0; i < denyv.size(); i++ ) {
286
        if ( ((Integer)denyv.elementAt(i)).intValue() <= 0 ) {
287
          continue;
318
        pstmt.execute();
319
        ResultSet rs = pstmt.getResultSet();
320
        boolean hasRow = rs.next();
321
        pstmt.close();
322
        if (hasRow) {
323
          return true;
288 324
        }
289
        pstmt.setInt(4, ((Integer)denyv.elementAt(i)).intValue());
290
        pstmt.setString(5, (String)begin2.elementAt(i));
291
        pstmt.setString(6, (String)end2.elementAt(i));
292
        if ( ((Integer)count2.elementAt(i)).intValue() > 0 ) {
293
          pstmt.setString(7, "" + ((Integer)count2.elementAt(i)).intValue());
294
        } else {
295
          pstmt.setString(7, "");
325
//System.out.println("Passed the check for ownership");      
326
     
327
      } catch (SQLException e) {
328
        throw new 
329
        SQLException("AccessControlList.hasPermission(): " +
330
                     "Error checking document's ownership. " + e.getMessage());
331
      }
332

  
333
      // check @principal's @permission on @resourceId from xml_access table
334
      int accessValue = 0;
335
      int ticketCount = 0;
336
      String permOrder = "";
337
      try {
338
        pstmt = conn.prepareStatement(
339
                "SELECT permission, perm_order, ticket_count " +
340
                "FROM xml_access " +
341
                "WHERE docid LIKE ? " + 
342
                "AND principal_name LIKE ? " +
343
                "AND sysdate BETWEEN nvl(begin_time,sysdate) " +
344
                                "AND nvl(end_time,sysdate) " +
345
                "AND perm_type LIKE ?");
346
        // check if it is "denied" first
347
        // Bind the values to the query
348
        pstmt.setString(1, resourceId);
349
        pstmt.setString(2, principal);
350
        pstmt.setString(3, "denied");
351

  
352
        pstmt.execute();
353
        ResultSet rs = pstmt.getResultSet();
354
        boolean hasRows = rs.next();
355
        while ( hasRows ) {
356
          accessValue = rs.getInt(1);
357
          permOrder = rs.getString(2);
358
          ticketCount = rs.getInt(3);
359
          if ( ( accessValue & intValue(permission) ) == intValue(permission) &&
360
               ( permOrder.equals("allow first") ) &&
361
               ( rs.wasNull() || ticketCount > 0 ) ) {
362
            if ( !rs.wasNull() && ticketCount > 0 ) {
363
              decreaseNumberOfAccess(accessValue,principal,resourceId,"denied");
364
            }
365
            pstmt.close();
366
            return false;
367
          }
368
          hasRows = rs.next();
296 369
        }
297
        pstmt.setString(8, "" + 1);
370
//System.out.println("Passed the check for denied access");      
298 371

  
372
        // it is not denied then check if it is "allowed"
373
        // Bind the values to the query
374
        pstmt.setString(1, resourceId);
375
        pstmt.setString(2, principal);
376
        pstmt.setString(3, "allowed");
377

  
299 378
        pstmt.execute();
379
        rs = pstmt.getResultSet();
380
        hasRows = rs.next();
381
        while ( hasRows ) {
382
          accessValue = rs.getInt(1);
383
          ticketCount = rs.getInt(3);
384
          if ( ( accessValue & intValue(permission) )==intValue(permission) &&
385
               ( rs.wasNull() || ticketCount > 0 ) ) {
386
            if ( !rs.wasNull() && ticketCount > 0 ) {
387
              decreaseNumberOfAccess(accessValue,principal,resourceId,"allowed");
388
            }
389
            pstmt.close();
390
            return true;
391
          }
392
          hasRows = rs.next();
393
        }
394
//System.out.println("Passed the check for allowed access");      
395

  
396
        // ???
397
        // here there could be a check for the group's permission like 
398
        // selfrecursive call to hasPermission(conn,permission,group,recourceId)
399
        //
400
      
401
        pstmt.close();
402
        return false;
403
  
404
      } catch (SQLException e) {
405
        throw new 
406
        SQLException("AccessControlList.hasPermission(): " +
407
                     "Error checking document's permission. " + e.getMessage());
300 408
      }
409
    }
410
    
411
    return false;
412
  }
301 413

  
302
    } catch (SQLException e) {
303
      throw new 
304
      SQLException("AccessControlList.insertPermissions(): " + e.getMessage());
414
  /** decrease the number of access to @resourceId for @principal */
415
  private void decreaseNumberOfAccess(int permission, String principal,
416
                                      String resourceId, String permType)
417
               throws SQLException
418
  {
419
    PreparedStatement pstmt;
420
    pstmt = conn.prepareStatement(
421
            "UPDATE xml_access SET ticket_count = ticket_count - 1 " +
422
            "WHERE docid LIKE ? " +
423
            "AND principal_name LIKE ? " +
424
            "AND permission LIKE ? " +
425
            "AND sysdate BETWEEN nvl(begin_time,sysdate) " +
426
                            "AND nvl(end_time,sysdate) " +
427
            "AND perm_type LIKE ?");
428
    // Bind the values to the query
429
    pstmt.setString(1, resourceId);
430
    pstmt.setString(2, principal);
431
    pstmt.setInt(3, permission);
432
    pstmt.setString(4, permType);
433

  
434
    pstmt.execute();
435
    pstmt.close();
436
  }
437
 
438
  // get the int value of READ, WRITE or ALL
439
  private int intValue ( String permission )
440
  {
441
    if ( permission.equals("READ") ) {
442
      return READ;
443
    } else if ( permission.equals("WRITE") ) {
444
      return WRITE;
445
    } else if ( permission.equals("ALL") ) {
446
      return ALL;
305 447
    }
448
    
449
    return -1;
306 450
  }
307
   
308 451
}

Also available in: Unified diff