35 |
35 |
import java.util.Vector;
|
36 |
36 |
|
37 |
37 |
import org.apache.log4j.Logger;
|
|
38 |
import org.dataone.service.types.AccessPolicy;
|
|
39 |
import org.dataone.service.types.AccessRule;
|
38 |
40 |
import org.dataone.service.types.Checksum;
|
39 |
41 |
import org.dataone.service.types.ChecksumAlgorithm;
|
40 |
42 |
import org.dataone.service.types.Identifier;
|
... | ... | |
42 |
44 |
import org.dataone.service.types.ObjectFormat;
|
43 |
45 |
import org.dataone.service.types.ObjectInfo;
|
44 |
46 |
import org.dataone.service.types.ObjectList;
|
|
47 |
import org.dataone.service.types.Permission;
|
45 |
48 |
import org.dataone.service.types.Replica;
|
46 |
49 |
import org.dataone.service.types.ReplicationPolicy;
|
47 |
50 |
import org.dataone.service.types.ReplicationStatus;
|
48 |
51 |
import org.dataone.service.types.Subject;
|
49 |
52 |
import org.dataone.service.types.SystemMetadata;
|
50 |
53 |
|
|
54 |
import edu.ucsb.nceas.metacat.accesscontrol.AccessControlForSingleFile;
|
|
55 |
import edu.ucsb.nceas.metacat.accesscontrol.AccessControlInterface;
|
|
56 |
import edu.ucsb.nceas.metacat.accesscontrol.XMLAccessAccess;
|
|
57 |
import edu.ucsb.nceas.metacat.accesscontrol.XMLAccessDAO;
|
51 |
58 |
import edu.ucsb.nceas.metacat.database.DBConnection;
|
52 |
59 |
import edu.ucsb.nceas.metacat.database.DBConnectionPool;
|
53 |
60 |
import edu.ucsb.nceas.metacat.properties.PropertyService;
|
|
61 |
import edu.ucsb.nceas.metacat.shared.AccessException;
|
54 |
62 |
import edu.ucsb.nceas.metacat.util.DocumentUtil;
|
55 |
63 |
|
56 |
64 |
/**
|
... | ... | |
213 |
221 |
* return a hash of all of the info that is in the systemmetadata table
|
214 |
222 |
* @param guid
|
215 |
223 |
* @return
|
|
224 |
* @throws McdbDocNotFoundException
|
216 |
225 |
*/
|
217 |
226 |
public SystemMetadata getSystemMetadata(String guid)
|
218 |
227 |
throws McdbDocNotFoundException
|
... | ... | |
308 |
317 |
|
309 |
318 |
// look up replication status
|
310 |
319 |
sysMeta.setReplicaList(getReplicationStatus(guid));
|
|
320 |
|
|
321 |
// look up access policy
|
|
322 |
try {
|
|
323 |
sysMeta.setAccessPolicy(getAccessPolicy(guid));
|
|
324 |
} catch (AccessException e) {
|
|
325 |
throw new McdbDocNotFoundException(e);
|
|
326 |
}
|
311 |
327 |
|
312 |
328 |
return sysMeta;
|
313 |
329 |
}
|
... | ... | |
810 |
826 |
*
|
811 |
827 |
* @param guid the id to insert
|
812 |
828 |
* @param localId the systemMetadata object to get the local id for
|
|
829 |
* @throws McdbDocNotFoundException
|
813 |
830 |
*/
|
814 |
|
public void createSystemMetadata(SystemMetadata sysmeta)
|
|
831 |
public void createSystemMetadata(SystemMetadata sysmeta) throws McdbDocNotFoundException
|
815 |
832 |
{
|
816 |
833 |
insertSystemMetadata(sysmeta.getIdentifier().getValue());
|
817 |
834 |
updateSystemMetadata(sysmeta);
|
... | ... | |
1068 |
1085 |
/**
|
1069 |
1086 |
* Insert the system metadata fields into the db
|
1070 |
1087 |
* @param sm
|
|
1088 |
* @throws McdbDocNotFoundException
|
1071 |
1089 |
*/
|
1072 |
|
public void updateSystemMetadata(SystemMetadata sm) {
|
|
1090 |
public void updateSystemMetadata(SystemMetadata sm) throws McdbDocNotFoundException {
|
1073 |
1091 |
|
1074 |
1092 |
Boolean replicationAllowed = false;
|
1075 |
1093 |
Integer numberReplicas = -1;
|
... | ... | |
1160 |
1178 |
// save replica information
|
1161 |
1179 |
this.insertReplicationStatus(guid, sm.getReplicaList());
|
1162 |
1180 |
|
|
1181 |
// save access policy
|
|
1182 |
AccessPolicy accessPolicy = sm.getAccessPolicy();
|
|
1183 |
if (accessPolicy != null) {
|
|
1184 |
try {
|
|
1185 |
this.insertAccessPolicy(guid, accessPolicy);
|
|
1186 |
} catch (AccessException e) {
|
|
1187 |
throw new McdbDocNotFoundException(e);
|
|
1188 |
}
|
|
1189 |
}
|
1163 |
1190 |
}
|
1164 |
1191 |
|
1165 |
1192 |
/**
|
|
1193 |
* Creates Metacat access rules and inserts them
|
|
1194 |
* @param accessPolicy
|
|
1195 |
* @throws McdbDocNotFoundException
|
|
1196 |
* @throws AccessException
|
|
1197 |
*/
|
|
1198 |
private void insertAccessPolicy(String guid, AccessPolicy accessPolicy) throws McdbDocNotFoundException, AccessException {
|
|
1199 |
|
|
1200 |
String docid = getLocalId(guid);
|
|
1201 |
List<XMLAccessDAO> accessDAOs = new ArrayList<XMLAccessDAO>();
|
|
1202 |
for (AccessRule accessRule: accessPolicy.getAllowList()) {
|
|
1203 |
List<Subject> subjects = accessRule.getSubjectList();
|
|
1204 |
List<Identifier> resources = accessRule.getResourceList();
|
|
1205 |
List<Permission> permissions = accessRule.getPermissionList();
|
|
1206 |
for (Subject subject: subjects) {
|
|
1207 |
for (Identifier resource: resources) {
|
|
1208 |
docid = getLocalId(resource.getValue());
|
|
1209 |
XMLAccessDAO accessDAO = new XMLAccessDAO();
|
|
1210 |
accessDAO.setPrincipalName(subject.getValue());
|
|
1211 |
accessDAO.setDocId(docid);
|
|
1212 |
accessDAO.setPermType(AccessControlInterface.ALLOW);
|
|
1213 |
accessDAO.setPermOrder(AccessControlInterface.DENYFIRST);
|
|
1214 |
for (Permission permission: permissions) {
|
|
1215 |
Long metacatPermission = new Long(convertPermission(permission));
|
|
1216 |
accessDAO.addPermission(metacatPermission);
|
|
1217 |
}
|
|
1218 |
accessDAOs.add(accessDAO);
|
|
1219 |
}
|
|
1220 |
}
|
|
1221 |
}
|
|
1222 |
|
|
1223 |
XMLAccessAccess accessController = new XMLAccessAccess();
|
|
1224 |
accessController.replaceAccess(docid, accessDAOs);
|
|
1225 |
|
|
1226 |
|
|
1227 |
}
|
|
1228 |
|
|
1229 |
/**
|
|
1230 |
* Lookup access policy from Metacat
|
|
1231 |
* @param guid
|
|
1232 |
* @return
|
|
1233 |
* @throws McdbDocNotFoundException
|
|
1234 |
* @throws AccessException
|
|
1235 |
*/
|
|
1236 |
private AccessPolicy getAccessPolicy(String guid) throws McdbDocNotFoundException, AccessException {
|
|
1237 |
String docid = getLocalId(guid);
|
|
1238 |
XMLAccessAccess accessController = new XMLAccessAccess();
|
|
1239 |
List<XMLAccessDAO> accessDAOs = accessController.getXMLAccessForDoc(docid);
|
|
1240 |
AccessRule accessRule = new AccessRule();
|
|
1241 |
Identifier resource = new Identifier();
|
|
1242 |
resource.setValue(guid);
|
|
1243 |
accessRule.addResource(resource);
|
|
1244 |
for (XMLAccessDAO accessDAO: accessDAOs) {
|
|
1245 |
Permission permission = convertPermission(accessDAO.getPermission().intValue());
|
|
1246 |
accessRule.addPermission(permission);
|
|
1247 |
Subject subject = new Subject();
|
|
1248 |
subject.setValue(accessDAO.getPrincipalName());
|
|
1249 |
accessRule.addSubject(subject);
|
|
1250 |
}
|
|
1251 |
AccessPolicy accessPolicy = new AccessPolicy();
|
|
1252 |
accessPolicy.addAllow(accessRule);
|
|
1253 |
return accessPolicy;
|
|
1254 |
}
|
|
1255 |
|
|
1256 |
public int convertPermission(Permission permission) {
|
|
1257 |
if (permission.equals(Permission.READ)) {
|
|
1258 |
return AccessControlInterface.READ;
|
|
1259 |
}
|
|
1260 |
if (permission.equals(Permission.WRITE)) {
|
|
1261 |
return AccessControlInterface.WRITE;
|
|
1262 |
}
|
|
1263 |
if (permission.equals(Permission.CHANGE_PERMISSION)) {
|
|
1264 |
return AccessControlInterface.CHMOD;
|
|
1265 |
}
|
|
1266 |
return -1;
|
|
1267 |
}
|
|
1268 |
|
|
1269 |
public Permission convertPermission(int permission) {
|
|
1270 |
if (permission == AccessControlInterface.READ) {
|
|
1271 |
return Permission.READ;
|
|
1272 |
}
|
|
1273 |
if (permission == AccessControlInterface.WRITE) {
|
|
1274 |
return Permission.WRITE;
|
|
1275 |
}
|
|
1276 |
if (permission == AccessControlInterface.CHMOD) {
|
|
1277 |
return Permission.CHANGE_PERMISSION;
|
|
1278 |
}
|
|
1279 |
return null;
|
|
1280 |
}
|
|
1281 |
|
|
1282 |
/**
|
1166 |
1283 |
* Lookup a localId given the GUID. If
|
1167 |
1284 |
* the identifier is not found, throw an exception.
|
1168 |
1285 |
*
|
read and write D1 access policy rules from metacat xml_access table.
still TBD: which mechanism takes precedence when there are systemMetadata access rules and EML access rules and other access rules?