/src/edu/ucsb/nceas/metacat/accesscontrol/XMLAccessAccess.java - Annotate - Metacat - Ecoinformatics Redmine

metacat/src/edu/ucsb/nceas/metacat/accesscontrol/XMLAccessAccess.java @ 6470

-            daigle
+/**
  *  '$RCSfile$'
-            daigle
+ *    Purpose: A Class that manages database access of xml access
-            daigle
+ *             information.
  *  Copyright: 2009 Regents of the University of California and the
  *             National Center for Ecological Analysis and Synthesis
  *    Authors: Michael Daigle
+ *
  *   '$Author: daigle $'
  *     '$Date: 2009-03-23 13:56:56 -0800 (Mon, 23 Mar 2009) $'
  * '$Revision: 4854 $'
+ *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
  * the Free Software Foundation; either version 2 of the License, or
  * (at your option) any later version.
+ *
  * This program is distributed in the hope that it will be useful,
  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  * GNU General Public License for more details.
+ *
  * You should have received a copy of the GNU General Public License
  * along with this program; if not, write to the Free Software
  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
  */
 package edu.ucsb.nceas.metacat.accesscontrol;
 import java.sql.PreparedStatement;
 import java.sql.ResultSet;
 import java.sql.SQLException;
-            leinfelder
+import java.util.List;
-            daigle
+import java.util.Vector;
 import org.apache.log4j.Logger;
-            leinfelder
+import edu.ucsb.nceas.metacat.AccessionNumber;
 import edu.ucsb.nceas.metacat.DBUtil;
 import edu.ucsb.nceas.metacat.IdentifierManager;
 import edu.ucsb.nceas.metacat.McdbDocNotFoundException;
-            daigle
+import edu.ucsb.nceas.metacat.database.DBConnection;
 import edu.ucsb.nceas.metacat.database.DBConnectionPool;
 import edu.ucsb.nceas.metacat.shared.AccessException;
 import edu.ucsb.nceas.metacat.shared.BaseAccess;
 public class XMLAccessAccess extends BaseAccess {
 	private Logger logMetacat = Logger.getLogger(XMLAccessAccess.class);
-            leinfelder
+	private static String DOCID = "docid";
 	private static String GUID = "guid";
 	private String idAttribute = DOCID;
-            daigle
+	// Constructor
-            daigle
+	public XMLAccessAccess() throws AccessException {}
             daigle
-            leinfelder
+	public XMLAccessAccess(boolean useGuid) {
 		if (useGuid) {
 			idAttribute = GUID;
+		}
+	}
-            daigle
+	/**
 	 * Get all xml access for a document
+	 *
-            leinfelder
+	 * @param id
-            daigle
+	 *            the id of the document
 	 * @return an xml access DAO list
 	 */
-            leinfelder
+	public Vector<XMLAccessDAO> getXMLAccessForDoc(String id) throws AccessException {
             daigle
 		Vector<XMLAccessDAO> xmlAccessList = new Vector<XMLAccessDAO>();
-            leinfelder
+		if (id == null) {
-            daigle
+			throw new AccessException("XMLAccessAccess.getXMLAccessForDoc - doc id " +
 					"must be specified when selecting xml_access record");
+		}
-            daigle
+		// first get the xml access from the db and put it into a DAO list
-            daigle
+		PreparedStatement pstmt = null;
-            daigle
+		DBConnection conn = null;
 		int serialNumber = -1;
 		try {
 			conn = DBConnectionPool.getDBConnection("XMLAccessAccess.getXMLAccessForDoc");
     		serialNumber = conn.getCheckOutSerialNumber();
-            leinfelder
+			String sql = "SELECT * FROM xml_access WHERE " + idAttribute + " = ?";
-            daigle
+			pstmt = conn.prepareStatement(sql);
-            leinfelder
+			pstmt.setString(1, id);
             daigle
 			String sqlReport = "XMLAccessAccess.getXMLAccessForDoc - SQL: " + sql;
-            leinfelder
+			sqlReport += " [" + id + "]";
             daigle
 			logMetacat.info(sqlReport);
 			pstmt.execute();
 			ResultSet resultSet = pstmt.getResultSet();
 			while (resultSet.next()) {
 				XMLAccessDAO xmlAccessDAO = populateDAO(resultSet);
 				xmlAccessList.add(xmlAccessDAO);
+			}
             daigle
 			// make sure permission orders do not conflict in the database
-            daigle
+			validateDocXMLAccessList(xmlAccessList);
 			return xmlAccessList;
 		} catch (SQLException sqle) {
 			throw new AccessException("XMLAccessAccess.getXMLAccessForDoc - SQL error when getting access " +
-            leinfelder
+					" for id: " + id  + " : "  + sqle.getMessage());
-            daigle
+		} catch (PermOrderException poe) {
 			String errorStr = "XMLAccessAccess.getXMLAccessForDoc - Permission order error when getting " +
-            leinfelder
+				"access record for doc id: " + id + " : "  + poe.getMessage();
-            daigle
+			logMetacat.error(errorStr);
 			throw new AccessException(errorStr);
 		} finally {
-            daigle
+			closeDBObjects(pstmt, conn, serialNumber, logMetacat);
             daigle
+	}
 	/**
 	 * Get all xml access for a principal for a certain document
+	 *
-            leinfelder
+	 * @param id
-            daigle
+	 *            the id of the document
 	 * @param principalName
 	 *            the credentials of the principal in the database
 	 * @return an xml access DAO list
 	 */
-            leinfelder
+	public Vector<XMLAccessDAO> getXMLAccessForPrincipal(String id, String principalName)
-            daigle
+			throws AccessException {
 		Vector<XMLAccessDAO> xmlAccessList = new Vector<XMLAccessDAO>();
-            leinfelder
+		if (id == null) {
-            daigle
+			throw new AccessException("XMLAccessAccess.getXMLAccessForPrincipal - doc id " +
 					"must be specified when selecting xml_access record");
+		}
 		if (principalName == null) {
 			throw new AccessException("XMLAccessAccess.getXMLAccessForPrincipal - doc id " +
 					"must be specified when selecting xml_access record");
+		}
-            daigle
+		// first get the xml access for this principal from the db and put it into a DAO list
-            daigle
+		PreparedStatement pstmt = null;
-            daigle
+		DBConnection conn = null;
 		int serialNumber = -1;
-            daigle
+		try {
-            daigle
+			conn = DBConnectionPool.getDBConnection("XMLAccessAccess.getXMLAccessForPrincipal");
     		serialNumber = conn.getCheckOutSerialNumber();
-            leinfelder
+			String sql = "SELECT * FROM xml_access WHERE " + idAttribute + " = ? AND principal_name = ?";
-            daigle
+			pstmt = conn.prepareStatement(sql);
-            leinfelder
+			pstmt.setString(1, id);
-            daigle
+			pstmt.setString(2, principalName);
 			String sqlReport = "XMLAccessAccess.getXMLAccessForPrincipal - SQL: " + sql;
-            leinfelder
+			sqlReport += " [" + id + "," + principalName + "]";
             daigle
 			logMetacat.info(sqlReport);
 			pstmt.execute();
 			ResultSet resultSet = pstmt.getResultSet();
 			while (resultSet.next()) {
 				XMLAccessDAO xmlAccessDAO = populateDAO(resultSet);
 				xmlAccessList.add(xmlAccessDAO);
+			}
-            daigle
+			// make sure permission orders do not conflict in the database
-            daigle
+			validatePrincipalXMLAccessList(xmlAccessList);
 			return xmlAccessList;
 		} catch (SQLException sqle) {
 			throw new AccessException("XMLAccessAccess.getXMLAccessForPrincipal - SQL error when getting access " +
-            leinfelder
+					" for id: " + id + ", principal: " + principalName  + " : "  + sqle.getMessage());
-            daigle
+		} catch (PermOrderException poe) {
 			String errorStr = "XMLAccessAccess.getXMLAccessForPrincipal - Permission order error when getting " +
-            leinfelder
+				"access record for id: " + id + ", principal: " + principalName + " : "  + poe.getMessage();
-            daigle
+			logMetacat.error(errorStr);
 			throw new AccessException(errorStr);
 		} finally {
-            daigle
+			closeDBObjects(pstmt, conn, serialNumber, logMetacat);
             daigle
+	}
 	/**
-            daigle
+	 * Get all xml access for a principal/permType/permOrder for a certain document
             daigle
-            leinfelder
+	 * @param id
-            daigle
+	 *            the id of the document
 	 * @param principalName
 	 *            the credentials of the principal in the database
 	 * @return an xml access DAO list
 	 */
-            leinfelder
+	public Vector<XMLAccessDAO> getXMLAccessForPrincipal(String id, String principalName, String permType, String permOrder)
-            daigle
+			throws AccessException {
 		Vector<XMLAccessDAO> xmlAccessList = new Vector<XMLAccessDAO>();
-            leinfelder
+		if (id == null) {
-            daigle
+			throw new AccessException("XMLAccessAccess.getXMLAccessForPrincipal - doc id " +
 					"must be specified when selecting xml_access record");
+		}
 		if (principalName == null) {
 			throw new AccessException("XMLAccessAccess.getXMLAccessForPrincipal - doc id " +
 					"must be specified when selecting xml_access record");
+		}
 		if (permType == null) {
 			throw new AccessException("XMLAccessAccess.getXMLAccessForPrincipal - permission type " +
 					"must be specified when selecting xml_access record");
+		}
 		if (permOrder == null) {
 			throw new AccessException("XMLAccessAccess.getXMLAccessForPrincipal - permission order " +
 					"must be specified when selecting xml_access record");
+		}
-            daigle
+		// first get the xml access for this principal from the db and put it into a DAO list
-            daigle
+		PreparedStatement pstmt = null;
-            daigle
+		DBConnection conn = null;
 		int serialNumber = -1;
-            daigle
+		try {
-            daigle
+			conn = DBConnectionPool.getDBConnection("XMLAccessAccess.getXMLAccessForPrincipal");
     		serialNumber = conn.getCheckOutSerialNumber();
-            leinfelder
+			String sql = "SELECT * FROM xml_access WHERE " + idAttribute + " = ? AND principal_name = ? " +
-            daigle
+				"AND perm_type = ? AND perm_order = ?";
 			pstmt = conn.prepareStatement(sql);
-            leinfelder
+			pstmt.setString(1, id);
-            daigle
+			pstmt.setString(2, principalName);
 			pstmt.setString(3, permType);
 			pstmt.setString(4, permOrder);
 			String sqlReport = "XMLAccessAccess.getXMLAccessForPrincipal - SQL: " + sql;
-            leinfelder
+			sqlReport += " [" + id + "," + principalName + "," +  permType + "," + permOrder + "]";
             daigle
 			logMetacat.info(sqlReport);
 			pstmt.execute();
 			ResultSet resultSet = pstmt.getResultSet();
 			while (resultSet.next()) {
 				XMLAccessDAO xmlAccessDAO = populateDAO(resultSet);
 				xmlAccessList.add(xmlAccessDAO);
+			}
 			validatePrincipalXMLAccessList(xmlAccessList);
 			return xmlAccessList;
 		} catch (SQLException sqle) {
 			throw new AccessException("XMLAccessAccess.getXMLAccessForPrincipal - SQL error when getting access " +
-            leinfelder
+					" for id: " + id + ", principal: " + principalName  + " : "  + sqle.getMessage());
-            daigle
+		} catch (PermOrderException poe) {
 			String errorStr = "XMLAccessAccess.getXMLAccessForPrincipal - Permission order error when getting " +
-            leinfelder
+				"access record for id: " + id + ", principal: " + principalName + " : "  + poe.getMessage();
-            daigle
+			logMetacat.error(errorStr);
 			throw new AccessException(errorStr);
 		} finally {
-            daigle
+			closeDBObjects(pstmt, conn, serialNumber, logMetacat);
             daigle
+	}
 	/**
-            daigle
+	 * Add permissions for a given principal on a given document. If the
 	 * principal already exists, bitwise OR the permission to the existing
-            daigle
+	 * permission and update.
+	 *
-            leinfelder
+	 * @param id
-            daigle
+	 *            document id
 	 * @param principalName
 	 *            principal credentials
 	 * @param permission
 	 *            permission bitmap
 	 * @param permType
 	 *            permission type
 	 * @param permOrder
 	 *            permission order
 	 */
-            leinfelder
+	public void addXMLAccess(String id, String principalName, Long permission, String permType,
-            leinfelder
+			String permOrder, String accessFileId, String subTreeId) throws AccessException, PermOrderException {
             daigle
-            leinfelder
+		permOrderConflict(id, permOrder);
             daigle
-            daigle
+		Vector<XMLAccessDAO> xmlAccessList =
-            leinfelder
+			getXMLAccessForPrincipal(id, principalName, permType, permOrder);
             daigle
 		// if more than one record exists for this principal on this document with the same
 		// access type / access order combination, call cleanup to combine common access and then
 		// re-retrieve the access list.
 		if (xmlAccessList.size() == 0) {
-            leinfelder
+			insertXMLAccess(id, principalName, permission, permType, permOrder, accessFileId, subTreeId);
-            daigle
+			return;
+		}
 		if (xmlAccessList.size() > 1) {
 			cleanupXMLAccessForPrincipal(xmlAccessList);
-            leinfelder
+			xmlAccessList = getXMLAccessForPrincipal(id, principalName, permType, permOrder);
             daigle
 		if (xmlAccessList.size() == 0) {
 			throw new AccessException("XMLAccessAccess.addXMLAccess - xml access list is empty when " +
-            leinfelder
+				"it shouldn't be for id: " + id + ", prinicpal name: " + principalName + ", perm type " +
-            daigle
+				permType + ", perm order: " + permOrder);
+		}
 		XMLAccessDAO xmlAccessDAO = xmlAccessList.get(0);
             daigle
-            daigle
+		// if the permission on the xml access dao does not already contain the permission we are
 		//trying to add, update the access record with the existing permission bitwis OR-ed with our
 		// new permission
 		if ((xmlAccessDAO.getPermission() & permission) != permission) {
-            leinfelder
+			updateXMLAccessPermission(id, principalName, xmlAccessDAO.getPermission() | permission);
             daigle
+	}
 	/**
-            daigle
+	 * Set permissions for a given document. This means first removing all access control for the
 	 * document and then adding the given rules.
+	 *
-            leinfelder
+	 * @param id
-            daigle
+	 *            document id
-            daigle
+	 * @param xmlAccessList
 	 *            list of xml access dao objects that hold new access for the document
 	 */
-            leinfelder
+	public void replaceAccess(String id, List<XMLAccessDAO> xmlAccessList) throws AccessException {
 		deleteXMLAccessForDoc(id);
             daigle
 		// if more than one record exists for this principal on this document with the same
 		// access type / access order combination, call cleanup to combine common access and then
 		// re-retrieve the access list.
 		for(XMLAccessDAO xmlAccessDAO : xmlAccessList) {
-            leinfelder
+			insertXMLAccess(id, xmlAccessDAO.getPrincipalName(), xmlAccessDAO.getPermission(),
-            leinfelder
+					xmlAccessDAO.getPermType(), xmlAccessDAO.getPermOrder(), xmlAccessDAO.getAccessFileId(), xmlAccessDAO.getSubTreeId());
             daigle
+	}
 	/**
 	 * Insert an xml access record.  It is assumed that the checks have already been made to
 	 * make sure the principal does not already have an access record for this document.  If
 	 * one does already exist, that record should be updated and this insert not called.
+	 *
-            leinfelder
+	 * @param id
-            daigle
+	 *            document id
-            daigle
+	 * @param principal
 	 *            principal credentials
 	 * @param permission
 	 *            permission bitmap
 	 * @param permType
 	 *            permission type
 	 * @param permOrder
 	 *            permission order
 	 */
-            leinfelder
+	private void insertXMLAccess(String id, String principalName, Long permission, String permType,
-            leinfelder
+			String permOrder, String accessFileId, String subTreeId) throws AccessException {
-            berkley
+	    //System.out.println("permission in insertXMLAccess: " + permission);
 	    try
+	    {
 	        if(permission == -1)
+	        {
 	            throw new Exception("Permission is -1 in XMLAccessAccess.insertXMLAccess().");
+	        }
+	    }
 	    catch(Exception e)
+	    {
 	        e.printStackTrace();
 	        logMetacat.warn(e.getMessage());
+	    }
-            leinfelder
+		if (id == null) {
 			throw new AccessException("XMLAccessAccess.insertXMLAccess - id is required when " +
-            daigle
+					"inserting XML access record");
+		}
 		if (principalName == null) {
 			throw new AccessException("XMLAccessAccess.insertXMLAccess - principal is required when " +
 					"inserting XML access record");
+		}
 		if (permission == null) {
 			throw new AccessException("XMLAccessAccess.insertXMLAccess - permission is required when " +
 					"inserting XML access record");
+		}
 		if (permType == null) {
 			throw new AccessException("XMLAccessAccess.insertXMLAccess - permType is required when " +
 					"inserting XML access record");
+		}
 		if (permOrder == null) {
 			permOrder = AccessControlInterface.ALLOWFIRST;
+		}
 	    PreparedStatement pstmt = null;
 		DBConnection conn = null;
 		int serialNumber = -1;
 		try {
 			// check out DBConnection
 			conn = DBConnectionPool.getDBConnection("XMLAccessAccess.insertXMLAccess");
 			serialNumber = conn.getCheckOutSerialNumber();
             daigle
-            daigle
+			String sql = "INSERT INTO xml_access " +
-            leinfelder
+				"(docid, guid, principal_name, permission, perm_type, perm_order, accessfileid, subtreeid ) " +
 				"VALUES (?,?,?,?,?,?,?,?)";
-            daigle
+			pstmt = conn.prepareStatement(sql);
-            leinfelder
+			String guid = null;
 			String docid = null;
 			if (idAttribute.equals(GUID)) {
 				guid = id;
 				try {
 					docid = IdentifierManager.getInstance().getLocalId(id);
 				} catch (McdbDocNotFoundException e) {
 					//ignore
 					logMetacat.warn("No local id mapping found for guid: " + id);
+				}
 			} else {
 				int rev = DBUtil.getLatestRevisionInDocumentTable(id);
 				try {
 					guid = IdentifierManager.getInstance().getGUID(id, rev);
 				} catch (McdbDocNotFoundException e) {
 					//ignore
 					logMetacat.warn("No guid mapping found for docid: " + id + "." + rev);
+				}
 				docid = id;
+			}
-            daigle
+			// Bind the values to the query
-            leinfelder
+			pstmt.setString(1, docid);
 			pstmt.setString(2, guid);
 			pstmt.setString(3, principalName);
 			pstmt.setLong(4, permission);
 			pstmt.setString(5, permType);
 			pstmt.setString(6, permOrder);
 			pstmt.setString(7, accessFileId);
 			pstmt.setString(8, subTreeId);
             daigle
 			String sqlReport = "XMLAccessAccess.insertXMLAccess - SQL: " + sql;
-            leinfelder
+			sqlReport += " [" + docid + "," + guid + "," + principalName + "," +  permission + "," +  permType + "," + permOrder + "]";
             daigle
 			logMetacat.info(sqlReport);
 			pstmt.execute();
 		} catch (SQLException sqle) {
 			throw new AccessException("XMLAccessAccess.insertXMLAccess - SQL error when inserting"
-            leinfelder
+					+ "xml access permissions for id: " + id + ", principal: " +
-            daigle
+					principalName + ":" + sqle.getMessage());
 		} finally {
-            daigle
+			closeDBObjects(pstmt, conn, serialNumber, logMetacat);
             daigle
+	}
 	/**
-            daigle
+	 * Update existing xml access permissions in the db.  The permission value should be the combined
 	 * value of pre-existing permissions plus new permissions.
+	 *
-            leinfelder
+	 * @param id
-            daigle
+	 *            document id
 	 * @param principalName
 	 *            principal credentials
 	 * @param permission
 	 *            permission bitmap
 	 */
-            leinfelder
+	private void updateXMLAccessPermission(String id, String principalName, Long permission)
-            daigle
+			throws AccessException {
-            leinfelder
+		if (id == null) {
 			throw new AccessException("XMLAccessAccess.updateXMLAccessPermission - id is required when " +
-            daigle
+					"updating XML access record");
+		}
 		if (principalName == null) {
 			throw new AccessException("XMLAccessAccess.updateXMLAccessPermission - principal is required when " +
 					"updating XML access record");
+		}
 		if (permission == null) {
 			throw new AccessException("XMLAccessAccess.updateXMLAccessPermission - permission is required when " +
 					"updating XML access record");
+		}
 	    PreparedStatement pstmt = null;
 		DBConnection conn = null;
 		int serialNumber = -1;
 		try {
 			// check out DBConnection
 			conn = DBConnectionPool.getDBConnection("XMLAccessAccess.updateXMLAccessPermission");
 			serialNumber = conn.getCheckOutSerialNumber();
             daigle
-            daigle
+			String sql = "UPDATE xml_access SET permission = ?" +
-            leinfelder
+				"WHERE " + idAttribute + " = ? AND principal_name = ?";
-            daigle
+			pstmt = conn.prepareStatement(sql);
 			// Bind the values to the query
 			pstmt.setLong(1, permission);
-            leinfelder
+			pstmt.setString(2, id);
-            daigle
+			pstmt.setString(3, principalName);
 			String sqlReport = "XMLAccessAccess.updateXMLAccessPermission - SQL: " + sql;
-            leinfelder
+			sqlReport += " [" + permission + "," + id + "," + principalName + "]";
             daigle
 			logMetacat.info(sqlReport);
 			pstmt.execute();
 		} catch (SQLException sqle) {
 			throw new AccessException("XMLAccessAccess.updateXMLAccessPermission - SQL error when updating"
-            leinfelder
+					+ "xml access permissions for id: " + id + ", principal: " +
-            daigle
+					principalName + ":" + sqle.getMessage());
 		} finally {
-            daigle
+			closeDBObjects(pstmt, conn, serialNumber, logMetacat);
             daigle
+	}
 	/**
-            daigle
+	 * Remove xml access.  This modifies the access in the database for a principal
-            daigle
+	 * for a given document.  If the provided permission is exactly the same as what
-            daigle
+	 * the principal has, the record is deleted from the database.
+	 *
-            leinfelder
+	 * @param id
-            daigle
+	 *            document id
 	 * @param principalName
 	 *            principal credentials
 	 */
-            leinfelder
+	public void removeXMLAccessForPrincipal(String id, String principalName, Long permission) throws AccessException {
 		if (id == null) {
 			throw new AccessException("XMLAccessAccess.removeXMLAccessForPrincipal - id is required when " +
-            daigle
+					"removing XML access");
+		}
 		if (principalName == null) {
 			throw new AccessException("XMLAccessAccess.removeXMLAccessForPrincipal - principal is required when " +
 					"deleting XML access");
+		}
 		if (permission == null) {
 			throw new AccessException("XMLAccessAccess.removeXMLAccessForPrincipal - permission is required when " +
 					"updating XML access");
+		}
-            leinfelder
+		Vector<XMLAccessDAO> xmlAccessList = getXMLAccessForPrincipal(id, principalName);
-            daigle
+		if (xmlAccessList.size() == 0) {
 			logMetacat.warn("XMLAccessAccess.removeXMLAccessForPrincipal - attempting to remove access when no " +
-            leinfelder
+				"access record exists for id: " + id + ", principal: " + principalName);
-            daigle
+		} else {
 			long permissionMask = 0;
 			for (XMLAccessDAO xmlAccessDAO : xmlAccessList) {
 				permissionMask |= xmlAccessDAO.getPermission();
+			}
 			permissionMask |= permission;
 			// in this case, the only existing permissions are the ones we want to remove, so
 			// delete the record(s) for this principal on this document
 			if ((permissionMask & permission) == permission) {
-            leinfelder
+				deleteXMLAccessForPrincipal(id, principalName);
             daigle
 			if (xmlAccessList.size() > 1) {
 			} else {
-            leinfelder
+				updateXMLAccessPermission(id, principalName, permission);
             daigle
+		}
+	}
 	/**
-            daigle
+	 * Delete xml access.  This removes all access records from the database for a given document
+	 *
-            leinfelder
+	 * @param id
-            daigle
+	 *            document id
 	 */
-            leinfelder
+	public void deleteXMLAccessForDoc(String id) throws AccessException {
 		if (id == null) {
 			throw new AccessException("XMLAccessAccess.deleteXMLAccessForPrincipal - id is required when " +
-            daigle
+					"deleting XML access record");
+		}
 	    PreparedStatement pstmt = null;
 		DBConnection conn = null;
 		int serialNumber = -1;
 		try {
 			// check out DBConnection
 			conn = DBConnectionPool.getDBConnection("XMLAccessAccess.deleteXMLAccessForDoc");
-            daigle
+    		serialNumber = conn.getCheckOutSerialNumber();
-            leinfelder
+			String sql = "DELETE FROM xml_access WHERE " + idAttribute + " = ?";
-            daigle
+			pstmt = conn.prepareStatement(sql);
 			// Bind the values to the query
-            leinfelder
+			pstmt.setString(1, id);
             daigle
 			String sqlReport = "XMLAccessAccess.deleteXMLAccessForDoc - SQL: " + sql;
-            leinfelder
+			sqlReport += " [" + id + "]";
             daigle
 			logMetacat.info(sqlReport);
 			pstmt.execute();
 		} catch (SQLException sqle) {
 			throw new AccessException("XMLAccessAccess.deleteXMLAccessForDoc - SQL error when deleting"
-            leinfelder
+					+ "xml access permissions for id: " + id + ":" + sqle.getMessage());
-            daigle
+		} finally {
-            daigle
+			closeDBObjects(pstmt, conn, serialNumber, logMetacat);
             daigle
+	}
 	/**
-            daigle
+	 * Delete xml access.  This removes all access records from the database for a principal
 	 * for a given document
             daigle
-            leinfelder
+	 * @param id
-            daigle
+	 *            document id
 	 * @param principal
 	 *            principal credentials
 	 */
-            leinfelder
+	private void deleteXMLAccessForPrincipal(String id, String principalName) throws AccessException {
 		if (id == null) {
 			throw new AccessException("XMLAccessAccess.deleteXMLAccessForPrincipal - id is required when " +
-            daigle
+					"deleting XML access record");
+		}
 		if (principalName == null) {
 			throw new AccessException("XMLAccessAccess.deleteXMLAccessForPrincipal - principal is required when " +
 					"deleting XML access record");
+		}
 	    PreparedStatement pstmt = null;
 		DBConnection conn = null;
 		int serialNumber = -1;
 		try {
 			// check out DBConnection
 			conn = DBConnectionPool.getDBConnection("XMLAccessAccess.deleteXMLAccessForPrincipal");
-            daigle
+    		serialNumber = conn.getCheckOutSerialNumber();
-            leinfelder
+			String sql = "DELETE FROM xml_access WHERE " + idAttribute + " = ? AND principal_name = ?";
-            daigle
+			pstmt = conn.prepareStatement(sql);
 			// Bind the values to the query
-            leinfelder
+			pstmt.setString(1, id);
-            daigle
+			pstmt.setString(2, principalName);
 			String sqlReport = "XMLAccessAccess.deleteXMLAccessForPrincipal - SQL: " + sql;
-            leinfelder
+			sqlReport += " [" + id + "," + principalName + "]";
             daigle
 			logMetacat.info(sqlReport);
 			pstmt.execute();
 		} catch (SQLException sqle) {
 			throw new AccessException("XMLAccessAccess.deleteXMLAccessForPrincipal - SQL error when deleting"
-            leinfelder
+					+ "xml access permissions for id: " + id + ", principal: " +
-            daigle
+					principalName + ":" + sqle.getMessage());
 		} finally {
-            daigle
+			closeDBObjects(pstmt, conn, serialNumber, logMetacat);
             daigle
+	}
 	/**
-            daigle
+	 * Checks to see if there is a permission order conflict for a given document.  Each
 	 * document is only allowed to have a single permission order
+	 *
-            leinfelder
+	 * @param id
-            daigle
+	 *            document id
 	 * @param principal
 	 *            principal credentials
 	 */
-            leinfelder
+	private void permOrderConflict(String id, String permOrder) throws AccessException, PermOrderException {
 		if (id == null) {
 			throw new AccessException("XMLAccessAccess.permOrderConflict - id is required when " +
-            daigle
+					"determining perm order conflict");
+		}
 		if (permOrder == null) {
 			throw new AccessException("XMLAccessAccess.permOrderConflict - perm order is required when " +
 					"determining perm order conflict");
+		}
 	    PreparedStatement pstmt = null;
 		DBConnection conn = null;
 		int serialNumber = -1;
 		try {
 			// check out DBConnection
 			conn = DBConnectionPool.getDBConnection("XMLAccessAccess.permOrderConflict");
-            daigle
+    		serialNumber = conn.getCheckOutSerialNumber();
-            leinfelder
+			String sql = "SELECT * FROM xml_access WHERE " + idAttribute + " = ? AND perm_order != ?";
-            daigle
+			pstmt = conn.prepareStatement(sql);
 			// Bind the values to the query
-            leinfelder
+			pstmt.setString(1, id);
-            daigle
+			pstmt.setString(2, permOrder);
 			String sqlReport = "XMLAccessAccess.permOrderConflict - SQL: " + sql;
-            leinfelder
+			sqlReport += " [" + id + "," + permOrder + "]";
             daigle
 			logMetacat.info(sqlReport);
 			pstmt.execute();
 			ResultSet resultSet = pstmt.getResultSet();
 			if (resultSet.next()) {
 				throw new PermOrderException("XMLAccessAccess.addXMLAccess - cannot add permission " +
-            leinfelder
+					"record for id: " + id + "with permOrder: " + permOrder + " due to permOrder conflict");
             daigle
 		} catch (SQLException sqle) {
 			throw new AccessException("XMLAccessAccess.permOrderConflict - SQL error when checking"
-            leinfelder
+					+ "for perm order conflict on: " + id + ":" + sqle.getMessage());
-            daigle
+		} finally {
 			closeDBObjects(pstmt, conn, serialNumber, logMetacat);
+		}
+	}
 	/**
 	 * Delete xml access.  This removes all access records from the database for a principal
 	 * for a given document, perm type and perm order
             daigle
-            leinfelder
+	 * @param id
-            daigle
+	 *            document id
 	 * @param principal
 	 *            principal credentials
 	 */
-            leinfelder
+	private void deleteXMLAccessForPrincipal(String id, String principalName, String permType, String permOrder) throws AccessException {
 		if (id == null) {
 			throw new AccessException("XMLAccessAccess.deleteXMLAccessForPrincipal - id is required when " +
-            daigle
+					"deleting XML access record");
+		}
 		if (principalName == null) {
 			throw new AccessException("XMLAccessAccess.deleteXMLAccessForPrincipal - principal is required when " +
 					"deleting XML access record");
+		}
 		if (permType == null) {
 			throw new AccessException(
 					"XMLAccessAccess.deleteXMLAccessForPrincipal - perm type is required when "
 							+ "deleting XML access record");
+		}
 		if (permOrder == null) {
 			throw new AccessException(
 					"XMLAccessAccess.deleteXMLAccessForPrincipal - perm order is required when "
 							+ "deleting XML access record");
+		}
 	    PreparedStatement pstmt = null;
 		DBConnection conn = null;
 		int serialNumber = -1;
 		try {
 			// check out DBConnection
 			conn = DBConnectionPool.getDBConnection("XMLAccessAccess.deleteXMLAccessForPrincipal");
-            daigle
+    		serialNumber = conn.getCheckOutSerialNumber();
-            leinfelder
+			String sql = "DELETE FROM xml_access WHERE " + idAttribute + " = ? AND principal_name = ? " +
-            daigle
+				"AND perm_type = ? AND perm_order = ?";
-            daigle
+			pstmt = conn.prepareStatement(sql);
 			// Bind the values to the query
-            leinfelder
+			pstmt.setString(1, id);
-            daigle
+			pstmt.setString(2, principalName);
 			pstmt.setString(3, permType);
 			pstmt.setString(4, permOrder);
 			String sqlReport = "XMLAccessAccess.deleteXMLAccessForPrincipal - SQL: " + sql;
-            leinfelder
+			sqlReport += " [" + id + "," + principalName + "," + permType + "," + permOrder + "]";
             daigle
 			logMetacat.info(sqlReport);
 			pstmt.execute();
 		} catch (SQLException sqle) {
 			throw new AccessException("XMLAccessAccess.deleteXMLAccessForPrincipal - SQL error when deleting"
-            leinfelder
+					+ "xml access permissions for id: " + id + ", principal: " +
-            daigle
+					principalName + ":" + sqle.getMessage());
 		} finally {
-            daigle
+			closeDBObjects(pstmt, conn, serialNumber, logMetacat);
             daigle
+	}
             daigle
 	/**
 	 * Make sure that only one record exists per principal/permType/document. If
 	 * more than one record exists, delete the existing records, consolidate the
 	 * permissions insert the new record.
+	 *
-            daigle
+	 * @param xmlAccessList the access dao list
-            daigle
+	 */
-            daigle
+	private void cleanupXMLAccessForPrincipal(Vector<XMLAccessDAO> xmlAccessList) throws AccessException{
-            daigle
+		int numAllowRecords = 0;
 		int numDenyRecords = 0;
 		long allowPermissionMask = 0;
 		long denyPermissionMask = 0;
-            leinfelder
+		String id = null;
-            daigle
+		String principalName = null;
 		String permType = null;
 		String permOrder = null;
-            leinfelder
+		// TODO: handle these fields
 		String accessFileId = null;
 		String subTreeId = null;
             daigle
 		// iterate through the list of access dao objects and bttwise or the permissions.  Most
 		// of this is just doing some error checking to make sure each record is valid.
 		for (XMLAccessDAO xmlAccessDAO : xmlAccessList) {
-            leinfelder
+			String daoId = xmlAccessDAO.getDocId();
 			if (idAttribute.equals(GUID)) {
 				daoId = xmlAccessDAO.getGuid();
+			}
 			if (id == null) {
 				id = daoId;
-            daigle
+			} else {
-            leinfelder
+				if (!id.equals(daoId)) {
-            daigle
+					throw new AccessException("XMLAccessAccess.cleanupXMLAccessForPrincipal - " +
-            leinfelder
+							" Conflicting ids " + daoId + " and " + id);
             daigle
+			}
 			if (principalName == null) {
 				principalName = xmlAccessDAO.getPrincipalName();
 			} else {
 				if (!principalName.equals(xmlAccessDAO.getPrincipalName())) {
 					throw new AccessException("XMLAccessAccess.cleanupXMLAccessForPrincipal - " +
 							" Conflicting prinicpal names " + xmlAccessDAO.getPrincipalName() +
 							" and principalName " + principalName);
+				}
+			}
 			if (permType == null) {
 				permType = xmlAccessDAO.getPermType();
 			} else {
 				if (!permType.equals(xmlAccessDAO.getPermType())) {
 					throw new AccessException("XMLAccessAccess.cleanupXMLAccessForPrincipal - " +
-            leinfelder
+							" Conflicting permission orders for document " + daoId +
-            daigle
+							"principalName " + principalName + ". Database intervention required ");
+				}
+			}
 			if (permOrder == null) {
 				permOrder = xmlAccessDAO.getPermOrder();
 			} else {
 				if (!permOrder.equals(xmlAccessDAO.getPermOrder())) {
 					throw new AccessException("XMLAccessAccess.cleanupXMLAccessForPrincipal - " +
-            leinfelder
+							" Conflicting permission types for document " + daoId +
-            daigle
+							"principalName " + principalName + ". Database intervention required ");
+				}
+			}
 			if (permType == null) {
 				permType = xmlAccessDAO.getPermType();
 			} else {
 				if (!permType.equals(xmlAccessDAO.getPermType())) {
 					throw new AccessException("XMLAccessAccess.cleanupXMLAccessForPrincipal - " +
-            leinfelder
+							" Conflicting permission orders for document " + daoId +
-            daigle
+							"principalName " + principalName + ". Database intervention required ");
+				}
+			}
-            daigle
+			if (permType.equals(AccessControlInterface.ALLOW)) {
 				numAllowRecords++;
 				allowPermissionMask |= xmlAccessDAO.getPermission();
 			} else if (permType.equals(AccessControlInterface.DENY)) {
 				numDenyRecords++;
 				denyPermissionMask |= xmlAccessDAO.getPermission();
+			}
-            leinfelder
+			if (accessFileId == null) {
 				accessFileId = xmlAccessDAO.getAccessFileId();
+			}
 			if (subTreeId == null) {
 				subTreeId = xmlAccessDAO.getSubTreeId();
+			}
             daigle
-            daigle
+		// if there was more than one allow record, remove all allow records for this user on this doc
 		// with this perm type and perm order then insert a single record
 		if (numAllowRecords > 1) {
-            leinfelder
+			deleteXMLAccessForPrincipal(id, principalName, AccessControlInterface.ALLOW, permOrder);
 			insertXMLAccess(id, principalName, allowPermissionMask, AccessControlInterface.ALLOW, permOrder, accessFileId, subTreeId);
             daigle
 		// if there was more than one deny record, remove all deny records for this user on this doc
 		// with this perm type and perm order then insert a single record
 		if (numDenyRecords > 1) {
-            leinfelder
+			deleteXMLAccessForPrincipal(id, principalName, AccessControlInterface.DENY, permOrder);
 			insertXMLAccess(id, principalName, denyPermissionMask, AccessControlInterface.DENY, permOrder, accessFileId, subTreeId);
             daigle
             daigle
-            daigle
+	/**
-            daigle
+	 * Make sure for a given list of access DAOs that only one perm order
 	 * exists. It is assumed that all the DAOs are for the same doc
             daigle
 	 * @param xmlAccessList
-            daigle
+	 *            the access dao list
-            daigle
+	 */
-            daigle
+	private void validateDocXMLAccessList(Vector<XMLAccessDAO> xmlAccessList) throws PermOrderException {
 		String permOrder = null;
 		for(XMLAccessDAO xmlAccessDAO : xmlAccessList) {
-            leinfelder
+			String daoId = xmlAccessDAO.getDocId();
 			if (idAttribute.equals(GUID)) {
 				daoId = xmlAccessDAO.getGuid();
+			}
-            daigle
+			if (permOrder == null) {
 				permOrder = xmlAccessDAO.getPermOrder();
 			} else {
 				if(!permOrder.equals(xmlAccessDAO.getPermOrder())) {
 					throw new PermOrderException("XMLAccessAccess.validateXMLAccessList - " +
-            leinfelder
+						" Conflicting permission orders for document " + daoId +
-            daigle
+						". Database intervention required ");
+				}
+			}
+		}
+	}
-            daigle
+	/**
 	 * Check that only one permOrder exists for each principal.
 	 * TODO add check that one of each permType exists as well
+	 *
 	 * @param xmlAccessList
 	 *            the access dao list
 	 */
-            daigle
+	private void validatePrincipalXMLAccessList(Vector<XMLAccessDAO> xmlAccessList)
 			throws PermOrderException {
 		boolean allowFirst = false;
 		boolean denyFirst = false;
-            leinfelder
+		String id = null;
             daigle
 		// These vectors will hold all combinations of access DAOs with different permission
 		// orders and permission types.
 		Vector<XMLAccessDAO> allowFirstAllows = new Vector<XMLAccessDAO>();
 		Vector<XMLAccessDAO> allowFirstDenys = new Vector<XMLAccessDAO>();
 		Vector<XMLAccessDAO> denyFirstAllows = new Vector<XMLAccessDAO>();
 		Vector<XMLAccessDAO> denyFirstDenys = new Vector<XMLAccessDAO>();
 		// sort the access dao records into the appropriate vector
 		for(XMLAccessDAO xmlAccessDAO : xmlAccessList) {
-            leinfelder
+			String daoId = xmlAccessDAO.getDocId();
 			if (idAttribute.equals(GUID)) {
 				daoId = xmlAccessDAO.getGuid();
             daigle
-            leinfelder
+			if (id == null) {
 				id = daoId;
+			}
-            daigle
+			if (xmlAccessDAO.getPermOrder().equals(AccessControlInterface.ALLOWFIRST)) {
 				allowFirst = true;
 				if (xmlAccessDAO.getPermType().equals(AccessControlInterface.ALLOW)) {
 					allowFirstAllows.add(xmlAccessDAO);
 				} else if (xmlAccessDAO.getPermType().equals(AccessControlInterface.DENY)) {
 					allowFirstDenys.add(xmlAccessDAO);
 				} else {
 					throw new PermOrderException("XMLAccessAccess.validatePrincipalXMLAccessList - " +
 							" Invalid permission type: " + xmlAccessDAO.getPermType() + " for document " +
-            leinfelder
+							daoId + ". Database intervention required ");
             daigle
 			} else if (xmlAccessDAO.getPermOrder().equals(AccessControlInterface.DENYFIRST)) {
 				denyFirst = true;
 				if (xmlAccessDAO.getPermType().equals(AccessControlInterface.ALLOW)) {
 					denyFirstAllows.add(xmlAccessDAO);
 				} else if (xmlAccessDAO.getPermType().equals(AccessControlInterface.DENY)) {
 					denyFirstDenys.add(xmlAccessDAO);
 				} else {
 					throw new PermOrderException("XMLAccessAccess.validatePrincipalXMLAccessList - " +
 							" Invalid permission type: " + xmlAccessDAO.getPermType() + " for document " +
-            leinfelder
+							daoId + ". Database intervention required ");
             daigle
 			} else {
 				throw new PermOrderException("XMLAccessAccess.validatePrincipalXMLAccessList - " +
 						" Invalid permission order: " + xmlAccessDAO.getPermOrder() + " for document " +
-            leinfelder
+						daoId + ". Database intervention required ");
             daigle
+		}
 		// for a given user, there cannot be allowfirst and denyfirst records on the same
 		// document
 		if(allowFirst && denyFirst) {
 			throw new PermOrderException("XMLAccessAccess.validatePrincipalXMLAccessList - " +
-            leinfelder
+					" Conflicting permission orders for document " + id +
-            daigle
+					". Database intervention required ");
+		}
+	}
 	/**
 	 * Populate a job data object with the current row in a resultset
+	 *
 	 * @param resultSet
 	 *            the result set which is already pointing to the desired row.
 	 * @return a scheduled job data object
 	 */
 	protected XMLAccessDAO populateDAO(ResultSet resultSet) throws SQLException {
 		XMLAccessDAO xmlAccessDAO = new XMLAccessDAO();
-            leinfelder
+		xmlAccessDAO.setDocId(resultSet.getString(idAttribute));
-            daigle
+		xmlAccessDAO.setAccessFileId(resultSet.getString("accessfileid"));
 		xmlAccessDAO.setPrincipalName(resultSet.getString("principal_name"));
 		xmlAccessDAO.setPermission(resultSet.getLong("permission"));
 		xmlAccessDAO.setPermType(resultSet.getString("perm_type"));
 		xmlAccessDAO.setPermOrder(resultSet.getString("perm_order"));
 		xmlAccessDAO.setBeginTime(resultSet.getDate("begin_time"));
 		xmlAccessDAO.setEndTime(resultSet.getDate("end_time"));
 		xmlAccessDAO.setTicketCount(resultSet.getLong("ticket_count"));
 		xmlAccessDAO.setSubTreeId(resultSet.getString("subtreeid"));
 		xmlAccessDAO.setStartNodeId(resultSet.getString("startnodeid"));
 		xmlAccessDAO.setEndNodeId(resultSet.getString("endnodeid"));
 		return xmlAccessDAO;
+	}
+}

Project

General

Profile

Metacat