Revision 570
Added by bojilova over 23 years ago
DocumentImpl.java | ||
---|---|---|
771 | 771 |
|
772 | 772 |
if ( action.equals("UPDATE") ) { |
773 | 773 |
// check for 'write' permission for 'user' to update this document |
774 |
if ( !hasWritePermission(conn, docid, user, group) ) {
|
|
774 |
if ( !hasPermission(conn, user, group, docid) ) {
|
|
775 | 775 |
throw new Exception("User " + user + |
776 | 776 |
" does not have permission to update XML Document #" + docid); |
777 | 777 |
} |
... | ... | |
828 | 828 |
String newdocid = ac.generate(docid, "DELETE"); |
829 | 829 |
|
830 | 830 |
// check for 'write' permission for 'user' to delete this document |
831 |
if ( !hasWritePermission(conn, docid, user, group) ) {
|
|
831 |
if ( !hasPermission(conn, user, group, docid) ) {
|
|
832 | 832 |
throw new Exception("User " + user + |
833 | 833 |
" does not have permission to delete XML Document #" + docid); |
834 | 834 |
} |
... | ... | |
846 | 846 |
conn.setAutoCommit(true); |
847 | 847 |
} |
848 | 848 |
|
849 |
/** Check for "write" permissions from DB connection */ |
|
850 |
private static boolean hasWritePermission(Connection conn, String docid, |
|
851 |
String user, String group) |
|
852 |
throws SQLException { |
|
849 |
/** |
|
850 |
* Check for "WRITE" permission on @docid for @user and/or @group |
|
851 |
* from DB connection |
|
852 |
*/ |
|
853 |
private static boolean hasPermission( Connection conn, String user, |
|
854 |
String group, String docid) |
|
855 |
throws SQLException |
|
856 |
{ |
|
853 | 857 |
// b' of the command line invocation |
854 | 858 |
if ( (user == null) && (group == null) ) { |
855 | 859 |
return true; |
856 | 860 |
} |
857 | 861 |
|
858 |
PreparedStatement pstmt; |
|
859 |
// checking if user is owner of docid |
|
860 |
try { |
|
861 |
pstmt = conn.prepareStatement( |
|
862 |
"SELECT 'x' FROM xml_documents " + |
|
863 |
"WHERE docid LIKE ? AND user_owner LIKE ?"); |
|
864 |
// Bind the values to the query |
|
865 |
pstmt.setString(1, docid); |
|
866 |
pstmt.setString(2, user); |
|
867 |
|
|
868 |
pstmt.execute(); |
|
869 |
ResultSet rs = pstmt.getResultSet(); |
|
870 |
boolean hasRow = rs.next(); |
|
871 |
pstmt.close(); |
|
872 |
if (hasRow) { |
|
873 |
return true; |
|
874 |
} |
|
875 |
|
|
876 |
} catch (SQLException e) { |
|
877 |
throw new |
|
878 |
SQLException("Error checking document's owner: " + e.getMessage()); |
|
862 |
// Check for WRITE permission on @docid for @user and/or @group |
|
863 |
AccessControlList aclobj = new AccessControlList(conn); |
|
864 |
boolean hasPermission = aclobj.hasPermission("WRITE",user,docid); |
|
865 |
if ( !hasPermission && group != null ) { |
|
866 |
hasPermission = aclobj.hasPermission("WRITE",group,docid); |
|
879 | 867 |
} |
880 |
|
|
881 |
// checking access type from xml_access table |
|
882 |
int accesstype = 0; |
|
883 |
try { |
|
884 |
pstmt = conn.prepareStatement( |
|
885 |
"SELECT access_type FROM xml_access " + |
|
886 |
"WHERE docid LIKE ? " + |
|
887 |
"AND principal_name LIKE ? " + |
|
888 |
"AND principal_type = 'user' " + |
|
889 |
"AND sysdate BETWEEN nvl(begin_time,sysdate) " + |
|
890 |
"AND nvl(end_time,sysdate) " + |
|
891 |
"UNION " + |
|
892 |
"SELECT access_type FROM xml_access " + |
|
893 |
"WHERE docid LIKE ? " + |
|
894 |
"AND principal_name LIKE ? " + |
|
895 |
"AND principal_type = 'group' " + |
|
896 |
"AND sysdate BETWEEN nvl(begin_time,sysdate) " + |
|
897 |
"AND nvl(end_time,sysdate)"); |
|
898 |
// Bind the values to the query |
|
899 |
pstmt.setString(1, docid); |
|
900 |
pstmt.setString(2, user); |
|
901 |
pstmt.setString(3, docid); |
|
902 |
pstmt.setString(4, group); |
|
903 |
|
|
904 |
pstmt.execute(); |
|
905 |
ResultSet rs = pstmt.getResultSet(); |
|
906 |
boolean hasRows = rs.next(); |
|
907 |
while ( hasRows ) { |
|
908 |
accesstype = rs.getInt(1); |
|
909 |
if ( (accesstype & WRITE) == WRITE ) { |
|
910 |
pstmt.close(); |
|
911 |
return true; |
|
912 |
} |
|
913 |
hasRows = rs.next(); |
|
914 |
} |
|
915 |
|
|
916 |
pstmt.close(); |
|
917 |
return false; |
|
918 |
|
|
919 |
} catch (SQLException e) { |
|
920 |
throw new |
|
921 |
SQLException("Error getting document's permissions: " + e.getMessage()); |
|
922 |
} |
|
868 |
|
|
869 |
return hasPermission; |
|
923 | 870 |
} |
924 | 871 |
|
925 | 872 |
/** |
Also available in: Unified diff
AccessControlList
- methods for parsing and loading acl file
- checkup method for permission for given principal on given resource
DBQuery
- checkup for READ permission using AccessControlList.hasPermission()
DocumentImpl
- using AccessControlList object to parse and load an acl file into xml_access table
- checkup for WRITE permission on UPDATE action using the same AccessControl.hasPermission()