Revision 6108
Added by ben leinfelder almost 13 years ago
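--- a/IdentifierManager.java
+++ b/IdentifierManager.java
@@ -35,6 +35,8 @@
 import java.util.Vector;
 
 import org.apache.log4j.Logger;
+import org.dataone.service.types.AccessPolicy;
+import org.dataone.service.types.AccessRule;
 import org.dataone.service.types.Checksum;
 import org.dataone.service.types.ChecksumAlgorithm;
 import org.dataone.service.types.Identifier;
@@ -42,15 +44,21 @@
 import org.dataone.service.types.ObjectFormat;
 import org.dataone.service.types.ObjectInfo;
 import org.dataone.service.types.ObjectList;
+import org.dataone.service.types.Permission;
 import org.dataone.service.types.Replica;
 import org.dataone.service.types.ReplicationPolicy;
 import org.dataone.service.types.ReplicationStatus;
 import org.dataone.service.types.Subject;
 import org.dataone.service.types.SystemMetadata;
 
+import edu.ucsb.nceas.metacat.accesscontrol.AccessControlForSingleFile;
+import edu.ucsb.nceas.metacat.accesscontrol.AccessControlInterface;
+import edu.ucsb.nceas.metacat.accesscontrol.XMLAccessAccess;
+import edu.ucsb.nceas.metacat.accesscontrol.XMLAccessDAO;
 import edu.ucsb.nceas.metacat.database.DBConnection;
 import edu.ucsb.nceas.metacat.database.DBConnectionPool;
 import edu.ucsb.nceas.metacat.properties.PropertyService;
+import edu.ucsb.nceas.metacat.shared.AccessException;
 import edu.ucsb.nceas.metacat.util.DocumentUtil;
 
 /**
@@ -213,6 +221,7 @@
 * return a hash of all of the info that is in the systemmetadata table
 * @param guid
 * @return
+* @throws McdbDocNotFoundException
 */
 public SystemMetadata getSystemMetadata(String guid)
 throws McdbDocNotFoundException
@@ -308,6 +317,13 @@
 
 // look up replication status
 sysMeta.setReplicaList(getReplicationStatus(guid));
+
+// look up access policy
+try {
+sysMeta.setAccessPolicy(getAccessPolicy(guid));
+} catch (AccessException e) {
+throw new McdbDocNotFoundException(e);
+}
 
 return sysMeta;
 }
@@ -810,8 +826,9 @@
 *
 * @param guid the id to insert
 * @param localId the systemMetadata object to get the local id for
+* @throws McdbDocNotFoundException
 */
-public void createSystemMetadata(SystemMetadata sysmeta)
+public void createSystemMetadata(SystemMetadata sysmeta) throws McdbDocNotFoundException
 {
 insertSystemMetadata(sysmeta.getIdentifier().getValue());
 updateSystemMetadata(sysmeta);
@@ -1068,8 +1085,9 @@
 /**
 * Insert the system metadata fields into the db
 * @param sm
+* @throws McdbDocNotFoundException
 */
-public void updateSystemMetadata(SystemMetadata sm) {
+public void updateSystemMetadata(SystemMetadata sm) throws McdbDocNotFoundException {
 
 Boolean replicationAllowed = false;
 Integer numberReplicas = -1;
@@ -1160,9 +1178,108 @@
 // save replica information
 this.insertReplicationStatus(guid, sm.getReplicaList());
 
+// save access policy
+AccessPolicy accessPolicy = sm.getAccessPolicy();
+if (accessPolicy != null) {
+try {
+this.insertAccessPolicy(guid, accessPolicy);
+} catch (AccessException e) {
+throw new McdbDocNotFoundException(e);
+}
+}
 }
 
 /**
+* Creates Metacat access rules and inserts them
+* @param accessPolicy
+* @throws McdbDocNotFoundException
+* @throws AccessException
+*/
+private void insertAccessPolicy(String guid, AccessPolicy accessPolicy) throws McdbDocNotFoundException, AccessException {
+
+String docid = getLocalId(guid);
+List<XMLAccessDAO> accessDAOs = new ArrayList<XMLAccessDAO>();
+for (AccessRule accessRule: accessPolicy.getAllowList()) {
+List<Subject> subjects = accessRule.getSubjectList();
+List<Identifier> resources = accessRule.getResourceList();
+List<Permission> permissions = accessRule.getPermissionList();
+for (Subject subject: subjects) {
+for (Identifier resource: resources) {
+docid = getLocalId(resource.getValue());
+XMLAccessDAO accessDAO = new XMLAccessDAO();
+accessDAO.setPrincipalName(subject.getValue());
+accessDAO.setDocId(docid);
+accessDAO.setPermType(AccessControlInterface.ALLOW);
+accessDAO.setPermOrder(AccessControlInterface.DENYFIRST);
+for (Permission permission: permissions) {
+Long metacatPermission = new Long(convertPermission(permission));
+accessDAO.addPermission(metacatPermission);
+}
+accessDAOs.add(accessDAO);
+}
+}
+}
+
+XMLAccessAccess accessController = new XMLAccessAccess();
+accessController.replaceAccess(docid, accessDAOs);
+
+
+}
+
+/**
+* Lookup access policy from Metacat
+* @param guid
+* @return
+* @throws McdbDocNotFoundException
+* @throws AccessException
+*/
+private AccessPolicy getAccessPolicy(String guid) throws McdbDocNotFoundException, AccessException {
+String docid = getLocalId(guid);
+XMLAccessAccess accessController = new XMLAccessAccess();
+List<XMLAccessDAO> accessDAOs = accessController.getXMLAccessForDoc(docid);
+AccessRule accessRule = new AccessRule();
+Identifier resource = new Identifier();
+resource.setValue(guid);
+accessRule.addResource(resource);
+for (XMLAccessDAO accessDAO: accessDAOs) {
+Permission permission = convertPermission(accessDAO.getPermission().intValue());
+accessRule.addPermission(permission);
+Subject subject = new Subject();
+subject.setValue(accessDAO.getPrincipalName());
+accessRule.addSubject(subject);
+}
+AccessPolicy accessPolicy = new AccessPolicy();
+accessPolicy.addAllow(accessRule);
+return accessPolicy;
+}
+
+public int convertPermission(Permission permission) {
+if (permission.equals(Permission.READ)) {
+return AccessControlInterface.READ;
+}
+if (permission.equals(Permission.WRITE)) {
+return AccessControlInterface.WRITE;
+}
+if (permission.equals(Permission.CHANGE_PERMISSION)) {
+return AccessControlInterface.CHMOD;
+}
+return -1;
+}
+
+public Permission convertPermission(int permission) {
+if (permission == AccessControlInterface.READ) {
+return Permission.READ;
+}
+if (permission == AccessControlInterface.WRITE) {
+return Permission.WRITE;
+}
+if (permission == AccessControlInterface.CHMOD) {
+return Permission.CHANGE_PERMISSION;
+}
+return null;
+}
+
+/**
 * Lookup a localId given the GUID. If
 * the identifier is not found, throw an exception.
 *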
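Review bot: getAccessPolicy (new lines 1236-1254) adds every row returned by getXMLAccessForDoc to one shared AccessRule, so the policy it returns gives each listed subject the union of all permissions stored for the document, which can report wider access than any single row grants. The loop also never reads the row's permission type, so a deny row, if the table holds any, would come back as an allow, and convertPermission(int) returns null for any value that is not exactly READ, WRITE or CHMOD and that null goes straight into addPermission. Building one AccessRule per row and skipping unmapped values, as in the excerpt below, keeps the mapping one-to-one. On the write side, convertPermission(Permission) returns -1 for an unrecognised permission and insertAccessPolicy stores it through addPermission, which may fail open depending on how addPermission combines values, so rejecting the rule there looks safer. insertAccessPolicy also reassigns docid inside the resource loop and calls replaceAccess once with the last value, so identifiers inside the submitted policy, not guid, decide whose rules are replaced; comparing each resource with guid before use would close that.

```java
private AccessPolicy getAccessPolicy(String guid) throws McdbDocNotFoundException, AccessException {
    // … unchanged: getLocalId(guid) and getXMLAccessForDoc(docid) lookup …
    AccessPolicy accessPolicy = new AccessPolicy();
    for (XMLAccessDAO accessDAO: accessDAOs) {
        Permission permission = convertPermission(accessDAO.getPermission().intValue());
        if (permission == null) {
            // stored value has no single D1 equivalent; never add a null permission
            continue;
        }
        // one rule per stored row, so a subject carries only its own permission
        AccessRule accessRule = new AccessRule();
        Identifier resource = new Identifier();
        resource.setValue(guid);
        accessRule.addResource(resource);
        accessRule.addPermission(permission);
        Subject subject = new Subject();
        subject.setValue(accessDAO.getPrincipalName());
        accessRule.addSubject(subject);
        accessPolicy.addAllow(accessRule);
    }
    return accessPolicy;
}
```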
read and write D1 access policy rules from metacat xml_access table.
still TBD: which mechanism takes precedence when there are systemMetadata access rules and EML access rules and other access rules?