Revision 6016
Added by ben leinfelder about 13 years ago
| src/edu/ucsb/nceas/metacat/accesscontrol/AccessControlForSingleFile.java | ||
|---|---|---|
| 313 | 313 |
int permission = -1; |
| 314 | 314 |
String permOrder = ALLOWFIRST; |
| 315 | 315 |
String permType = null; |
| 316 |
String accessfileid = null; |
|
| 317 |
String subtreeid = null; |
|
| 316 | 318 |
|
| 317 | 319 |
// We assume that all the records will have the same permission order, so we can just |
| 318 | 320 |
// grab the perm order from the first one. |
| 319 | 321 |
if (xmlAccessDAOList.size() > 0) {
|
| 320 | 322 |
permOrder = xmlAccessDAOList.get(0).getPermOrder(); |
| 323 |
accessfileid = xmlAccessDAOList.get(0).getAccessFileId(); |
|
| 324 |
subtreeid = xmlAccessDAOList.get(0).getSubTreeId(); |
|
| 321 | 325 |
} |
| 322 | 326 |
|
| 323 | 327 |
output.append("<access authSystem=\"knb\" order=\"" + permOrder + "\" id=\"" + _docId + "\" scope=\"document\"");
|
| 328 |
if (accessfileid != null) {
|
|
| 329 |
output.append(" accessfileid=\"" + accessfileid + "\"");
|
|
| 330 |
} |
|
| 331 |
if (subtreeid != null) {
|
|
| 332 |
output.append(" subtreeid=\"" + subtreeid + "\"");
|
|
| 333 |
} |
|
| 324 | 334 |
|
| 325 | 335 |
output.append(">\n");
|
| 326 | 336 |
|
| src/edu/ucsb/nceas/metacat/Eml200SAXHandler.java | ||
|---|---|---|
| 52 | 52 |
import org.xml.sax.Attributes; |
| 53 | 53 |
import org.xml.sax.SAXException; |
| 54 | 54 |
|
| 55 |
import edu.ucsb.nceas.metacat.accesscontrol.AccessControlForSingleFile; |
|
| 55 | 56 |
import edu.ucsb.nceas.metacat.accesscontrol.AccessControlInterface; |
| 56 | 57 |
import edu.ucsb.nceas.metacat.accesscontrol.AccessRule; |
| 57 | 58 |
import edu.ucsb.nceas.metacat.accesscontrol.AccessSection; |
| 59 |
import edu.ucsb.nceas.metacat.accesscontrol.XMLAccessDAO; |
|
| 58 | 60 |
import edu.ucsb.nceas.metacat.database.DBConnection; |
| 59 | 61 |
import edu.ucsb.nceas.metacat.database.DBConnectionPool; |
| 60 | 62 |
import edu.ucsb.nceas.metacat.properties.PropertyService; |
| ... | ... | |
| 2079 | 2081 |
}//writeTopAccessRuletoDB |
| 2080 | 2082 |
|
| 2081 | 2083 |
/* Write a gaven access rule into db */ |
| 2082 |
private void writeGivenAccessRuleIntoDB(String permOrder, Vector accessRules, |
|
| 2084 |
private void writeGivenAccessRuleIntoDB(String permOrder, Vector<AccessRule> accessRules,
|
|
| 2083 | 2085 |
String dataId, String subTreeId) throws SAXException |
| 2084 | 2086 |
{
|
| 2085 | 2087 |
if (permOrder == null || permOrder.trim().equals("") || dataId == null ||
|
| ... | ... | |
| 2090 | 2092 |
" write to xml_access table"); |
| 2091 | 2093 |
throw new SAXException("The access object is null");
|
| 2092 | 2094 |
} |
| 2093 |
// get rid of rev from dataId |
|
| 2094 |
//dataId = MetacatUtil.getDocIdFromString(dataId); |
|
| 2095 |
//String permOrder = accessSection.getPermissionOrder(); |
|
| 2096 |
String sql = null; |
|
| 2097 |
PreparedStatement pstmt = null; |
|
| 2098 |
sql = "INSERT INTO xml_access (docid, principal_name, permission, " |
|
| 2099 |
+ "perm_type, perm_order, accessfileid, subtreeid) VALUES " |
|
| 2100 |
+ " (?, ?, ?, ?, ?, ?, ?)"; |
|
| 2101 |
|
|
| 2102 |
try |
|
| 2103 |
{
|
|
| 2104 |
|
|
| 2105 |
pstmt = connection.prepareStatement(sql); |
|
| 2106 |
// Increase DBConnection usage count |
|
| 2107 |
connection.increaseUsageCount(1); |
|
| 2108 |
// Bind the values to the query |
|
| 2109 |
pstmt.setString(1, dataId); |
|
| 2110 |
logMetacat.info("Docid in accesstable: " + docid);
|
|
| 2111 |
pstmt.setString(6, docid); |
|
| 2112 |
logMetacat.info("Accessfileid in accesstable: " + docid);
|
|
| 2113 |
pstmt.setString(5, permOrder); |
|
| 2114 |
logMetacat.info("PermOder in accesstable: " + permOrder);
|
|
| 2115 |
pstmt.setString(7, subTreeId); |
|
| 2116 |
logMetacat.info("subtree id in accesstable: " + subTreeId);
|
|
| 2117 |
// if it is not top level, set s id |
|
| 2118 |
|
|
| 2119 |
//Vector accessRules = accessSection.getAccessRules(); |
|
| 2095 |
try {
|
|
| 2096 |
AccessControlForSingleFile acfsf = new AccessControlForSingleFile(dataId); |
|
| 2120 | 2097 |
// go through every rule |
| 2121 |
for (int i = 0; i < accessRules.size(); i++) |
|
| 2122 |
{
|
|
| 2123 |
AccessRule rule = (AccessRule) accessRules.elementAt(i); |
|
| 2098 |
for (int i = 0; i < accessRules.size(); i++) {
|
|
| 2099 |
AccessRule rule = accessRules.elementAt(i); |
|
| 2124 | 2100 |
String permType = rule.getPermissionType(); |
| 2125 | 2101 |
int permission = rule.getPermission(); |
| 2126 |
pstmt.setInt(3, permission); |
|
| 2127 |
logMetacat.info("permission in accesstable: "
|
|
| 2128 |
+ permission); |
|
| 2129 |
pstmt.setString(4, permType); |
|
| 2130 |
logMetacat.info( |
|
| 2131 |
"Permtype in accesstable: " + permType); |
|
| 2102 |
logMetacat.info("permission in accesstable: " + permission);
|
|
| 2103 |
logMetacat.info("Permtype in accesstable: " + permType);
|
|
| 2132 | 2104 |
// go through every principle in rule |
| 2133 | 2105 |
Vector nameVector = rule.getPrincipal(); |
| 2134 |
for (int j = 0; j < nameVector.size(); j++) |
|
| 2135 |
{
|
|
| 2106 |
for (int j = 0; j < nameVector.size(); j++) {
|
|
| 2136 | 2107 |
String prName = (String) nameVector.elementAt(j); |
| 2137 |
pstmt.setString(2, prName); |
|
| 2138 |
logMetacat.info("Principal in accesstable: "
|
|
| 2139 |
+ prName); |
|
| 2140 |
logMetacat.debug("running sql: " + pstmt.toString());
|
|
| 2141 |
pstmt.execute(); |
|
| 2108 |
logMetacat.debug("Principal in accesstable: " + prName);
|
|
| 2109 |
XMLAccessDAO dao = new XMLAccessDAO(); |
|
| 2110 |
dao.setAccessFileId(docid); |
|
| 2111 |
dao.setDocId(dataId); |
|
| 2112 |
dao.setPermission(new Long(permission)); |
|
| 2113 |
dao.setPermOrder(permOrder); |
|
| 2114 |
dao.setPermType(permType); |
|
| 2115 |
dao.setPrincipalName(prName); |
|
| 2116 |
dao.setSubTreeId(subTreeId); |
|
| 2117 |
// insert if it does not exist |
|
| 2118 |
if (!acfsf.accessControlExists(dao)) {
|
|
| 2119 |
acfsf.insertPermissions(dao); |
|
| 2120 |
} |
|
| 2142 | 2121 |
}//for |
| 2143 | 2122 |
}//for |
| 2144 |
pstmt.close(); |
|
| 2123 |
|
|
| 2145 | 2124 |
}//try |
| 2146 |
catch (SQLException e) |
|
| 2147 |
{
|
|
| 2125 |
catch (Exception e) {
|
|
| 2148 | 2126 |
throw new SAXException("EMLSAXHandler.writeAccessRuletoDB(): "
|
| 2149 | 2127 |
+ e.getMessage()); |
| 2150 | 2128 |
}//catch |
| 2151 |
finally |
|
| 2152 |
{
|
|
| 2153 |
try |
|
| 2154 |
{
|
|
| 2155 |
pstmt.close(); |
|
| 2156 |
} |
|
| 2157 |
catch (SQLException ee) |
|
| 2158 |
{
|
|
| 2159 |
throw new SAXException("EMLSAXHandler.writeAccessRuletoDB(): "
|
|
| 2160 |
+ ee.getMessage()); |
|
| 2161 |
} |
|
| 2162 |
}//finally |
|
| 2163 | 2129 |
|
| 2164 | 2130 |
}//writeGivenAccessRuleIntoDB |
| 2165 | 2131 |
|
| src/edu/ucsb/nceas/metacat/Eml210SAXHandler.java | ||
|---|---|---|
| 46 | 46 |
import org.xml.sax.Attributes; |
| 47 | 47 |
import org.xml.sax.SAXException; |
| 48 | 48 |
|
| 49 |
import edu.ucsb.nceas.metacat.accesscontrol.AccessControlForSingleFile; |
|
| 49 | 50 |
import edu.ucsb.nceas.metacat.accesscontrol.AccessControlInterface; |
| 50 | 51 |
import edu.ucsb.nceas.metacat.accesscontrol.AccessRule; |
| 51 | 52 |
import edu.ucsb.nceas.metacat.accesscontrol.AccessSection; |
| 53 |
import edu.ucsb.nceas.metacat.accesscontrol.XMLAccessDAO; |
|
| 52 | 54 |
import edu.ucsb.nceas.metacat.database.DBConnection; |
| 53 | 55 |
import edu.ucsb.nceas.metacat.database.DBConnectionPool; |
| 54 | 56 |
import edu.ucsb.nceas.metacat.properties.PropertyService; |
| ... | ... | |
| 1425 | 1427 |
throw new SAXException("The access object is null");
|
| 1426 | 1428 |
} |
| 1427 | 1429 |
|
| 1430 |
String currentDocId = null; |
|
| 1431 |
String accessFileId = docid; |
|
| 1428 | 1432 |
String permOrder = accessSection.getPermissionOrder(); |
| 1429 |
String sql = null; |
|
| 1430 |
PreparedStatement pstmt = null; |
|
| 1431 | 1433 |
if (topLevel) {
|
| 1432 |
sql = "INSERT INTO xml_access (docid, principal_name, permission, " |
|
| 1433 |
+ "perm_type, perm_order, accessfileid) VALUES " |
|
| 1434 |
+ " (?, ?, ?, ?, ?, ?)"; |
|
| 1434 |
currentDocId = docid; |
|
| 1435 | 1435 |
} else {
|
| 1436 |
sql = "INSERT INTO xml_access (docid,principal_name, " |
|
| 1437 |
+ "permission, perm_type, perm_order, accessfileid, subtreeid" |
|
| 1438 |
+ ") VALUES" + " (?, ?, ?, ?, ?, ?, ?)"; |
|
| 1436 |
currentDocId = accessSection.getDataFileName(); |
|
| 1437 |
// for subtree should specify the |
|
| 1438 |
if (subSectionId == null) {
|
|
| 1439 |
throw new SAXException("The subsection is null");
|
|
| 1440 |
} |
|
| 1439 | 1441 |
} |
| 1440 | 1442 |
try {
|
| 1441 | 1443 |
|
| 1442 |
pstmt = connection.prepareStatement(sql); |
|
| 1443 |
// Increase DBConnection usage count |
|
| 1444 |
connection.increaseUsageCount(1); |
|
| 1445 |
// Bind the values to the query |
|
| 1446 |
pstmt.setString(6, docid); |
|
| 1447 |
logMetacat.debug("Accessfileid in accesstable: " + docid);
|
|
| 1448 |
pstmt.setString(5, permOrder); |
|
| 1449 |
logMetacat.debug("PermOder in accesstable: " + permOrder);
|
|
| 1450 |
// if it is not top level, set subsection id |
|
| 1451 |
if (topLevel) {
|
|
| 1452 |
pstmt.setString(1, docid); |
|
| 1453 |
logMetacat.debug("Docid in accesstable: " + docid);
|
|
| 1454 |
} |
|
| 1455 |
if (!topLevel) {
|
|
| 1456 |
pstmt.setString(1, accessSection.getDataFileName()); |
|
| 1457 |
logMetacat.debug("Docid in accesstable: " + inlineDataFileName);
|
|
| 1458 |
|
|
| 1459 |
// for subtree should specify the |
|
| 1460 |
if (subSectionId == null) {
|
|
| 1461 |
throw new SAXException("The subsection is null");
|
|
| 1462 |
} |
|
| 1463 |
|
|
| 1464 |
pstmt.setString(7, subSectionId); |
|
| 1465 |
logMetacat.debug("SubSectionId in accesstable: " + subSectionId);
|
|
| 1466 |
} |
|
| 1467 |
|
|
| 1444 |
AccessControlForSingleFile acfsf = new AccessControlForSingleFile(currentDocId); |
|
| 1468 | 1445 |
Vector<AccessRule> accessRules = accessSection.getAccessRules(); |
| 1469 | 1446 |
// go through every rule |
| 1470 | 1447 |
for (int i = 0; i < accessRules.size(); i++) {
|
| 1471 | 1448 |
AccessRule rule = accessRules.elementAt(i); |
| 1472 | 1449 |
String permType = rule.getPermissionType(); |
| 1473 | 1450 |
int permission = rule.getPermission(); |
| 1474 |
pstmt.setInt(3, permission); |
|
| 1475 | 1451 |
logMetacat.debug("permission in accesstable: " + permission);
|
| 1476 |
pstmt.setString(4, permType); |
|
| 1477 | 1452 |
logMetacat.debug("Permtype in accesstable: " + permType);
|
| 1478 | 1453 |
// go through every principle in rule |
| 1479 | 1454 |
Vector<String> nameVector = rule.getPrincipal(); |
| 1480 | 1455 |
for (int j = 0; j < nameVector.size(); j++) {
|
| 1481 | 1456 |
String prName = nameVector.elementAt(j); |
| 1482 |
pstmt.setString(2, prName); |
|
| 1483 | 1457 |
logMetacat.debug("Principal in accesstable: " + prName);
|
| 1484 |
logMetacat.debug("running sql: " + pstmt.toString());
|
|
| 1485 |
pstmt.execute(); |
|
| 1458 |
XMLAccessDAO dao = new XMLAccessDAO(); |
|
| 1459 |
dao.setAccessFileId(accessFileId); |
|
| 1460 |
dao.setDocId(currentDocId); |
|
| 1461 |
dao.setPermission(new Long(permission)); |
|
| 1462 |
dao.setPermOrder(permOrder); |
|
| 1463 |
dao.setPermType(permType); |
|
| 1464 |
dao.setPrincipalName(prName); |
|
| 1465 |
dao.setSubTreeId(subSectionId); |
|
| 1466 |
// insert if it does not exist |
|
| 1467 |
if (!acfsf.accessControlExists(dao)) {
|
|
| 1468 |
acfsf.insertPermissions(dao); |
|
| 1469 |
} |
|
| 1470 |
|
|
| 1486 | 1471 |
}// for |
| 1487 | 1472 |
}// for |
| 1488 |
pstmt.close(); |
|
| 1489 | 1473 |
}// try |
| 1490 |
catch (SQLException e) {
|
|
| 1474 |
catch (Exception e) {
|
|
| 1491 | 1475 |
throw new SAXException("EMLSAXHandler.writeAccessRuletoDB(): "
|
| 1492 | 1476 |
+ e.getMessage()); |
| 1493 | 1477 |
}// catch |
| 1494 |
finally {
|
|
| 1495 |
try {
|
|
| 1496 |
pstmt.close(); |
|
| 1497 |
} catch (SQLException ee) {
|
|
| 1498 |
throw new SAXException("EMLSAXHandler.writeAccessRuletoDB(): "
|
|
| 1499 |
+ ee.getMessage()); |
|
| 1500 |
} |
|
| 1501 |
}// finally |
|
| 1502 | 1478 |
|
| 1503 | 1479 |
}// writeGivenAccessRuleIntoDB |
| 1504 | 1480 |
|
| 1505 |
/* Write a gaven access rule into db */ |
|
| 1506 |
private void writeAccessRuleForRelatedDataFileIntoDB(AccessSection accessSection, |
|
| 1507 |
String dataId) throws SAXException {
|
|
| 1508 |
if (accessSection == null) {
|
|
| 1509 |
throw new SAXException("The access object is null");
|
|
| 1510 |
} |
|
| 1511 |
// get rid of rev from dataId |
|
| 1512 |
// dataId = MetacatUtil.getDocIdFromString(dataId); |
|
| 1513 |
String permOrder = accessSection.getPermissionOrder(); |
|
| 1514 |
String sql = null; |
|
| 1515 |
PreparedStatement pstmt = null; |
|
| 1516 |
sql = "INSERT INTO xml_access (docid, principal_name, permission, " |
|
| 1517 |
+ "perm_type, perm_order, accessfileid) VALUES " + " (?, ?, ?, ?, ?, ?)"; |
|
| 1518 |
|
|
| 1519 |
try {
|
|
| 1520 |
|
|
| 1521 |
pstmt = connection.prepareStatement(sql); |
|
| 1522 |
// Increase DBConnection usage count |
|
| 1523 |
connection.increaseUsageCount(1); |
|
| 1524 |
// Bind the values to the query |
|
| 1525 |
pstmt.setString(1, dataId); |
|
| 1526 |
logMetacat.debug("Docid in accesstable: " + docid);
|
|
| 1527 |
pstmt.setString(6, docid); |
|
| 1528 |
logMetacat.debug("Accessfileid in accesstable: " + docid);
|
|
| 1529 |
pstmt.setString(5, permOrder); |
|
| 1530 |
logMetacat.debug("PermOder in accesstable: " + permOrder);
|
|
| 1531 |
// if it is not top level, set subsection id |
|
| 1532 |
|
|
| 1533 |
Vector<AccessRule> accessRules = accessSection.getAccessRules(); |
|
| 1534 |
// go through every rule |
|
| 1535 |
for (int i = 0; i < accessRules.size(); i++) {
|
|
| 1536 |
AccessRule rule = accessRules.elementAt(i); |
|
| 1537 |
String permType = rule.getPermissionType(); |
|
| 1538 |
int permission = rule.getPermission(); |
|
| 1539 |
pstmt.setInt(3, permission); |
|
| 1540 |
logMetacat.debug("permission in accesstable: " + permission);
|
|
| 1541 |
pstmt.setString(4, permType); |
|
| 1542 |
logMetacat.debug("Permtype in accesstable: " + permType);
|
|
| 1543 |
// go through every principle in rule |
|
| 1544 |
Vector<String> nameVector = rule.getPrincipal(); |
|
| 1545 |
for (int j = 0; j < nameVector.size(); j++) {
|
|
| 1546 |
String prName = nameVector.elementAt(j); |
|
| 1547 |
pstmt.setString(2, prName); |
|
| 1548 |
logMetacat.debug("Principal in accesstable: " + prName);
|
|
| 1549 |
logMetacat.debug("running sql: " + pstmt.toString());
|
|
| 1550 |
pstmt.execute(); |
|
| 1551 |
}// for |
|
| 1552 |
}// for |
|
| 1553 |
pstmt.close(); |
|
| 1554 |
}// try |
|
| 1555 |
catch (SQLException e) {
|
|
| 1556 |
throw new SAXException("EMLSAXHandler.writeAccessRuletoDB(): "
|
|
| 1557 |
+ e.getMessage()); |
|
| 1558 |
}// catch |
|
| 1559 |
finally {
|
|
| 1560 |
try {
|
|
| 1561 |
pstmt.close(); |
|
| 1562 |
} catch (SQLException ee) {
|
|
| 1563 |
throw new SAXException("EMLSAXHandler.writeAccessRuletoDB(): "
|
|
| 1564 |
+ ee.getMessage()); |
|
| 1565 |
} |
|
| 1566 |
}// finally |
|
| 1567 |
|
|
| 1568 |
}// writeAccessRuleForRalatedDataFileIntoDB |
|
| 1569 |
|
|
| 1570 | 1481 |
/* Delete from db all permission for resources related to @aclid if any. */ |
| 1571 | 1482 |
private void deletePermissionsInAccessTable(String aclid) throws SAXException {
|
| 1572 | 1483 |
Statement stmt = null; |
| src/edu/ucsb/nceas/metacat/DocInfoHandler.java | ||
|---|---|---|
| 48 | 48 |
private String _currentTag = null; |
| 49 | 49 |
private XMLAccessDAO _currentAccessDAO = null; |
| 50 | 50 |
private String _accessPermOrder; |
| 51 |
private String _accessFileId; |
|
| 52 |
private String _subTreeId; |
|
| 51 | 53 |
private String _docId; |
| 52 | 54 |
private boolean _inPrincipal = false; |
| 53 | 55 |
private boolean _inPermission = false; |
| ... | ... | |
| 77 | 79 |
if (_accessPermOrder == null) {
|
| 78 | 80 |
_accessPermOrder = attributes.getValue("order");
|
| 79 | 81 |
} |
| 82 |
if (_accessFileId == null) {
|
|
| 83 |
_accessFileId = attributes.getValue("accessfileid");
|
|
| 84 |
} |
|
| 85 |
if (_subTreeId == null) {
|
|
| 86 |
_subTreeId = attributes.getValue("subtreeid");
|
|
| 87 |
} |
|
| 80 | 88 |
} else if (_currentTag.equals(AccessControlInterface.ALLOW)) {
|
| 81 | 89 |
_inAllow = true; |
| 82 | 90 |
} else if (_currentTag.equals(AccessControlInterface.DENY)) {
|
| ... | ... | |
| 89 | 97 |
_currentAccessDAO = new XMLAccessDAO(); |
| 90 | 98 |
_currentAccessDAO.setDocId(_docId); |
| 91 | 99 |
_currentAccessDAO.setPermOrder(_accessPermOrder); |
| 100 |
_currentAccessDAO.setAccessFileId(_accessFileId); |
|
| 101 |
_currentAccessDAO.setSubTreeId(_subTreeId); |
|
| 102 |
_currentAccessDAO.setDocId(_docId); |
|
| 92 | 103 |
if (_inAllow) {
|
| 93 | 104 |
_currentAccessDAO.setPermType(AccessControlInterface.ALLOW); |
| 94 | 105 |
} |
Also available in: Unified diff
use access control dao for setting access in EML parser. send additional xml_access info in replication request