Project

General

Profile

« Previous | Next » 

Revision 6108

read and write D1 access policy rules from metacat xml_access table.
still TBD: which mechanism takes precedence when there are systemMetadata access rules and EML access rules and other access rules?

View differences:

src/edu/ucsb/nceas/metacat/accesscontrol/XMLAccessAccess.java
30 30
import java.sql.PreparedStatement;
31 31
import java.sql.ResultSet;
32 32
import java.sql.SQLException;
33
import java.util.List;
33 34
import java.util.Vector;
34 35

  
35 36
import org.apache.log4j.Logger;
......
314 315
	 * @param xmlAccessList
315 316
	 *            list of xml access dao objects that hold new access for the document
316 317
	 */
317
	public void replaceAccess(String docId, Vector<XMLAccessDAO> xmlAccessList) throws AccessException {
318
	public void replaceAccess(String docId, List<XMLAccessDAO> xmlAccessList) throws AccessException {
318 319
		deleteXMLAccessForDoc(docId);
319 320
		
320 321
		// if more than one record exists for this principal on this document with the same
src/edu/ucsb/nceas/metacat/dataone/CrudService.java
1477 1477
                sysmeta.getDateSysMetadataModified());
1478 1478

  
1479 1479
        //insert the system metadata
1480
        IdentifierManager.getInstance().createSystemMetadata(sysmeta);
1481
        IdentifierManager.getInstance().updateSystemMetadata(sysmeta);
1480
        try {
1481
			IdentifierManager.getInstance().createSystemMetadata(sysmeta);
1482
			IdentifierManager.getInstance().updateSystemMetadata(sysmeta);
1483
		} catch (Exception e) {
1484
            throw new ServiceFailure("1030", "Error inserting system metadata: " + e.getClass() + ": " + e.getMessage());
1485
		}
1482 1486
        
1487
        
1483 1488
    }
1484 1489
    
1485 1490
    /**
src/edu/ucsb/nceas/metacat/IdentifierManager.java
35 35
import java.util.Vector;
36 36

  
37 37
import org.apache.log4j.Logger;
38
import org.dataone.service.types.AccessPolicy;
39
import org.dataone.service.types.AccessRule;
38 40
import org.dataone.service.types.Checksum;
39 41
import org.dataone.service.types.ChecksumAlgorithm;
40 42
import org.dataone.service.types.Identifier;
......
42 44
import org.dataone.service.types.ObjectFormat;
43 45
import org.dataone.service.types.ObjectInfo;
44 46
import org.dataone.service.types.ObjectList;
47
import org.dataone.service.types.Permission;
45 48
import org.dataone.service.types.Replica;
46 49
import org.dataone.service.types.ReplicationPolicy;
47 50
import org.dataone.service.types.ReplicationStatus;
48 51
import org.dataone.service.types.Subject;
49 52
import org.dataone.service.types.SystemMetadata;
50 53

  
54
import edu.ucsb.nceas.metacat.accesscontrol.AccessControlForSingleFile;
55
import edu.ucsb.nceas.metacat.accesscontrol.AccessControlInterface;
56
import edu.ucsb.nceas.metacat.accesscontrol.XMLAccessAccess;
57
import edu.ucsb.nceas.metacat.accesscontrol.XMLAccessDAO;
51 58
import edu.ucsb.nceas.metacat.database.DBConnection;
52 59
import edu.ucsb.nceas.metacat.database.DBConnectionPool;
53 60
import edu.ucsb.nceas.metacat.properties.PropertyService;
61
import edu.ucsb.nceas.metacat.shared.AccessException;
54 62
import edu.ucsb.nceas.metacat.util.DocumentUtil;
55 63

  
56 64
/**
......
213 221
     * return a hash of all of the info that is in the systemmetadata table
214 222
     * @param guid
215 223
     * @return
224
     * @throws McdbDocNotFoundException 
216 225
     */
217 226
    public SystemMetadata getSystemMetadata(String guid)
218 227
    	throws McdbDocNotFoundException
......
308 317
		
309 318
		// look up replication status
310 319
		sysMeta.setReplicaList(getReplicationStatus(guid));
320
		
321
		// look up access policy
322
		try {
323
			sysMeta.setAccessPolicy(getAccessPolicy(guid));
324
		} catch (AccessException e) {
325
			throw new McdbDocNotFoundException(e);
326
		}
311 327
        
312 328
        return sysMeta;
313 329
    }
......
810 826
     * 
811 827
     * @param guid the id to insert
812 828
     * @param localId the systemMetadata object to get the local id for
829
     * @throws McdbDocNotFoundException 
813 830
     */
814
    public void createSystemMetadata(SystemMetadata sysmeta)
831
    public void createSystemMetadata(SystemMetadata sysmeta) throws McdbDocNotFoundException
815 832
    {
816 833
        insertSystemMetadata(sysmeta.getIdentifier().getValue());
817 834
        updateSystemMetadata(sysmeta);
......
1068 1085
    /**
1069 1086
     * Insert the system metadata fields into the db
1070 1087
     * @param sm
1088
     * @throws McdbDocNotFoundException 
1071 1089
     */
1072
    public void updateSystemMetadata(SystemMetadata sm) {
1090
    public void updateSystemMetadata(SystemMetadata sm) throws McdbDocNotFoundException {
1073 1091
    	
1074 1092
        Boolean replicationAllowed = false;
1075 1093
		Integer numberReplicas = -1;
......
1160 1178
        // save replica information
1161 1179
        this.insertReplicationStatus(guid, sm.getReplicaList());
1162 1180
        
1181
        // save access policy
1182
        AccessPolicy accessPolicy = sm.getAccessPolicy();
1183
        if (accessPolicy != null) {
1184
        	try {
1185
				this.insertAccessPolicy(guid, accessPolicy);
1186
			} catch (AccessException e) {
1187
				throw new McdbDocNotFoundException(e);
1188
			}
1189
        }
1163 1190
    }
1164 1191
    
1165 1192
    /**
1193
     * Creates Metacat access rules and inserts them
1194
     * @param accessPolicy
1195
     * @throws McdbDocNotFoundException
1196
     * @throws AccessException
1197
     */
1198
    private void insertAccessPolicy(String guid, AccessPolicy accessPolicy) throws McdbDocNotFoundException, AccessException {
1199
    	
1200
    	String docid = getLocalId(guid);
1201
    	List<XMLAccessDAO> accessDAOs = new ArrayList<XMLAccessDAO>();
1202
        for (AccessRule accessRule: accessPolicy.getAllowList()) {
1203
        	List<Subject> subjects = accessRule.getSubjectList();
1204
        	List<Identifier> resources = accessRule.getResourceList();
1205
        	List<Permission> permissions = accessRule.getPermissionList();
1206
        	for (Subject subject: subjects) {
1207
        		for (Identifier resource: resources) {
1208
        			docid = getLocalId(resource.getValue());
1209
        			XMLAccessDAO accessDAO = new XMLAccessDAO();
1210
            		accessDAO.setPrincipalName(subject.getValue());
1211
        			accessDAO.setDocId(docid);
1212
        			accessDAO.setPermType(AccessControlInterface.ALLOW);
1213
        			accessDAO.setPermOrder(AccessControlInterface.DENYFIRST);
1214
        			for (Permission permission: permissions) {
1215
        				Long metacatPermission = new Long(convertPermission(permission));
1216
	        			accessDAO.addPermission(metacatPermission);
1217
        			}
1218
        			accessDAOs.add(accessDAO);
1219
        		}
1220
        	}
1221
        }
1222
        
1223
        XMLAccessAccess accessController  = new XMLAccessAccess();
1224
        accessController.replaceAccess(docid, accessDAOs);
1225
        
1226
        
1227
    }
1228
    
1229
    /**
1230
     * Lookup access policy from Metacat
1231
     * @param guid
1232
     * @return
1233
     * @throws McdbDocNotFoundException
1234
     * @throws AccessException
1235
     */
1236
    private AccessPolicy getAccessPolicy(String guid) throws McdbDocNotFoundException, AccessException {
1237
    	String docid = getLocalId(guid);
1238
        XMLAccessAccess accessController  = new XMLAccessAccess();
1239
    	List<XMLAccessDAO> accessDAOs = accessController.getXMLAccessForDoc(docid);
1240
    	AccessRule accessRule = new AccessRule();
1241
    	Identifier resource = new Identifier();
1242
    	resource.setValue(guid);
1243
    	accessRule.addResource(resource);
1244
        for (XMLAccessDAO accessDAO: accessDAOs) {
1245
        	Permission permission = convertPermission(accessDAO.getPermission().intValue());
1246
        	accessRule.addPermission(permission);
1247
        	Subject subject = new Subject();
1248
        	subject.setValue(accessDAO.getPrincipalName());
1249
        	accessRule.addSubject(subject);
1250
        }
1251
        AccessPolicy accessPolicy = new AccessPolicy();
1252
        accessPolicy.addAllow(accessRule);
1253
        return accessPolicy;
1254
    }
1255
    
1256
    public int convertPermission(Permission permission) {
1257
    	if (permission.equals(Permission.READ)) {
1258
    		return AccessControlInterface.READ;
1259
    	}
1260
    	if (permission.equals(Permission.WRITE)) {
1261
    		return AccessControlInterface.WRITE;
1262
    	}
1263
    	if (permission.equals(Permission.CHANGE_PERMISSION)) {
1264
    		return AccessControlInterface.CHMOD;
1265
    	}
1266
		return -1;
1267
    }
1268
    
1269
    public Permission convertPermission(int permission) {
1270
    	if (permission == AccessControlInterface.READ) {
1271
    		return Permission.READ;
1272
    	}
1273
    	if (permission == AccessControlInterface.WRITE) {
1274
    		return Permission.WRITE;
1275
    	}
1276
    	if (permission == AccessControlInterface.CHMOD) {
1277
    		return Permission.CHANGE_PERMISSION;
1278
    	}
1279
		return null;
1280
    }
1281
    
1282
    /**
1166 1283
     * Lookup a localId given the GUID. If
1167 1284
     * the identifier is not found, throw an exception.
1168 1285
     * 

Also available in: Unified diff