Revision 570
Added by bojilova over 23 years ago
| DocumentImpl.java | ||
|---|---|---|
| 771 | 771 |
|
| 772 | 772 |
if ( action.equals("UPDATE") ) {
|
| 773 | 773 |
// check for 'write' permission for 'user' to update this document |
| 774 |
if ( !hasWritePermission(conn, docid, user, group) ) {
|
|
| 774 |
if ( !hasPermission(conn, user, group, docid) ) {
|
|
| 775 | 775 |
throw new Exception("User " + user +
|
| 776 | 776 |
" does not have permission to update XML Document #" + docid); |
| 777 | 777 |
} |
| ... | ... | |
| 828 | 828 |
String newdocid = ac.generate(docid, "DELETE"); |
| 829 | 829 |
|
| 830 | 830 |
// check for 'write' permission for 'user' to delete this document |
| 831 |
if ( !hasWritePermission(conn, docid, user, group) ) {
|
|
| 831 |
if ( !hasPermission(conn, user, group, docid) ) {
|
|
| 832 | 832 |
throw new Exception("User " + user +
|
| 833 | 833 |
" does not have permission to delete XML Document #" + docid); |
| 834 | 834 |
} |
| ... | ... | |
| 846 | 846 |
conn.setAutoCommit(true); |
| 847 | 847 |
} |
| 848 | 848 |
|
| 849 |
/** Check for "write" permissions from DB connection */ |
|
| 850 |
private static boolean hasWritePermission(Connection conn, String docid, |
|
| 851 |
String user, String group) |
|
| 852 |
throws SQLException {
|
|
| 849 |
/** |
|
| 850 |
* Check for "WRITE" permission on @docid for @user and/or @group |
|
| 851 |
* from DB connection |
|
| 852 |
*/ |
|
| 853 |
private static boolean hasPermission( Connection conn, String user, |
|
| 854 |
String group, String docid) |
|
| 855 |
throws SQLException |
|
| 856 |
{
|
|
| 853 | 857 |
// b' of the command line invocation |
| 854 | 858 |
if ( (user == null) && (group == null) ) {
|
| 855 | 859 |
return true; |
| 856 | 860 |
} |
| 857 | 861 |
|
| 858 |
PreparedStatement pstmt; |
|
| 859 |
// checking if user is owner of docid |
|
| 860 |
try {
|
|
| 861 |
pstmt = conn.prepareStatement( |
|
| 862 |
"SELECT 'x' FROM xml_documents " + |
|
| 863 |
"WHERE docid LIKE ? AND user_owner LIKE ?"); |
|
| 864 |
// Bind the values to the query |
|
| 865 |
pstmt.setString(1, docid); |
|
| 866 |
pstmt.setString(2, user); |
|
| 867 |
|
|
| 868 |
pstmt.execute(); |
|
| 869 |
ResultSet rs = pstmt.getResultSet(); |
|
| 870 |
boolean hasRow = rs.next(); |
|
| 871 |
pstmt.close(); |
|
| 872 |
if (hasRow) {
|
|
| 873 |
return true; |
|
| 874 |
} |
|
| 875 |
|
|
| 876 |
} catch (SQLException e) {
|
|
| 877 |
throw new |
|
| 878 |
SQLException("Error checking document's owner: " + e.getMessage());
|
|
| 862 |
// Check for WRITE permission on @docid for @user and/or @group |
|
| 863 |
AccessControlList aclobj = new AccessControlList(conn); |
|
| 864 |
boolean hasPermission = aclobj.hasPermission("WRITE",user,docid);
|
|
| 865 |
if ( !hasPermission && group != null ) {
|
|
| 866 |
hasPermission = aclobj.hasPermission("WRITE",group,docid);
|
|
| 879 | 867 |
} |
| 880 |
|
|
| 881 |
// checking access type from xml_access table |
|
| 882 |
int accesstype = 0; |
|
| 883 |
try {
|
|
| 884 |
pstmt = conn.prepareStatement( |
|
| 885 |
"SELECT access_type FROM xml_access " + |
|
| 886 |
"WHERE docid LIKE ? " + |
|
| 887 |
"AND principal_name LIKE ? " + |
|
| 888 |
"AND principal_type = 'user' " + |
|
| 889 |
"AND sysdate BETWEEN nvl(begin_time,sysdate) " + |
|
| 890 |
"AND nvl(end_time,sysdate) " + |
|
| 891 |
"UNION " + |
|
| 892 |
"SELECT access_type FROM xml_access " + |
|
| 893 |
"WHERE docid LIKE ? " + |
|
| 894 |
"AND principal_name LIKE ? " + |
|
| 895 |
"AND principal_type = 'group' " + |
|
| 896 |
"AND sysdate BETWEEN nvl(begin_time,sysdate) " + |
|
| 897 |
"AND nvl(end_time,sysdate)"); |
|
| 898 |
// Bind the values to the query |
|
| 899 |
pstmt.setString(1, docid); |
|
| 900 |
pstmt.setString(2, user); |
|
| 901 |
pstmt.setString(3, docid); |
|
| 902 |
pstmt.setString(4, group); |
|
| 903 |
|
|
| 904 |
pstmt.execute(); |
|
| 905 |
ResultSet rs = pstmt.getResultSet(); |
|
| 906 |
boolean hasRows = rs.next(); |
|
| 907 |
while ( hasRows ) {
|
|
| 908 |
accesstype = rs.getInt(1); |
|
| 909 |
if ( (accesstype & WRITE) == WRITE ) {
|
|
| 910 |
pstmt.close(); |
|
| 911 |
return true; |
|
| 912 |
} |
|
| 913 |
hasRows = rs.next(); |
|
| 914 |
} |
|
| 915 |
|
|
| 916 |
pstmt.close(); |
|
| 917 |
return false; |
|
| 918 |
|
|
| 919 |
} catch (SQLException e) {
|
|
| 920 |
throw new |
|
| 921 |
SQLException("Error getting document's permissions: " + e.getMessage());
|
|
| 922 |
} |
|
| 868 |
|
|
| 869 |
return hasPermission; |
|
| 923 | 870 |
} |
| 924 | 871 |
|
| 925 | 872 |
/** |
Also available in: Unified diff
AccessControlList
- methods for parsing and loading acl file
- checkup method for permission for given principal on given resource
DBQuery
- checkup for READ permission using AccessControlList.hasPermission()
DocumentImpl
- using AccessControlList object to parse and load an acl file into xml_access table
- checkup for WRITE permission on UPDATE action using the same AccessControl.hasPermission()