Revision 661
Added by berkley almost 24 years ago
src/edu/ucsb/nceas/metacat/MetaCatServlet.java | ||
---|---|---|
286 | 286 |
else if (action.equals("read")) { |
287 | 287 |
//PrintWriter out = response.getWriter(); |
288 | 288 |
try { |
289 |
handleReadAction(/*out,*/ params, response); |
|
289 |
handleReadAction(/*out,*/ params, response, username);
|
|
290 | 290 |
} catch (ClassNotFoundException e) { |
291 | 291 |
System.out.println(e.getMessage()); |
292 | 292 |
} catch (SQLException se) { |
... | ... | |
943 | 943 |
* possibly transformed from XML into HTML |
944 | 944 |
*/ |
945 | 945 |
private void handleReadAction(/*PrintWriter out,*/ Hashtable params, |
946 |
HttpServletResponse response) |
|
946 |
HttpServletResponse response, String username)
|
|
947 | 947 |
throws ClassNotFoundException, IOException, SQLException |
948 | 948 |
{ |
949 | 949 |
PrintWriter out; |
... | ... | |
952 | 952 |
if(params.containsKey(new String("qformat")) && |
953 | 953 |
((String[])params.get("qformat"))[0].equals("bin")) |
954 | 954 |
{ |
955 |
handleGetData(params, response); |
|
955 |
handleGetData(params, response, username);
|
|
956 | 956 |
} |
957 | 957 |
else |
958 | 958 |
{ |
... | ... | |
971 | 971 |
* Handle the read of a data file. |
972 | 972 |
*/ |
973 | 973 |
private void handleGetData(Hashtable params, |
974 |
HttpServletResponse response) |
|
974 |
HttpServletResponse response, String username)
|
|
975 | 975 |
{ |
976 | 976 |
String docid = null; |
977 | 977 |
try |
... | ... | |
994 | 994 |
|
995 | 995 |
try |
996 | 996 |
{ |
997 |
ServletOutputStream sosout = response.getOutputStream(); |
|
998 |
response.setContentType("application/octet-stream"); |
|
999 | 997 |
StringBuffer sql = new StringBuffer(); |
1000 | 998 |
sql.append("select docname from xml_documents where docid like '"); |
1001 | 999 |
sql.append(docid).append("'"); |
1002 | 1000 |
conn = util.openDBConnection(); |
1001 |
|
|
1002 |
AccessControlList aclobj = new AccessControlList(conn); |
|
1003 |
boolean hasPermission = aclobj.hasPermission("READ",username,docid); |
|
1004 |
|
|
1005 |
if(!hasPermission) |
|
1006 |
{ |
|
1007 |
response.setContentType("text/html"); |
|
1008 |
PrintWriter out = response.getWriter(); |
|
1009 |
out.println("Error: you do not have permission to view this document"); |
|
1010 |
return; |
|
1011 |
} |
|
1012 |
response.setContentType("application/octet-stream"); |
|
1013 |
ServletOutputStream sosout = response.getOutputStream(); |
|
1003 | 1014 |
PreparedStatement pstmt = conn.prepareStatement(sql.toString()); |
1004 | 1015 |
pstmt.execute(); |
1005 | 1016 |
ResultSet rs = pstmt.getResultSet(); |
... | ... | |
1014 | 1025 |
} |
1015 | 1026 |
f = new File(filepath + rs.getString(1)); |
1016 | 1027 |
fin = new FileInputStream(f); |
1028 |
|
|
1017 | 1029 |
int b = fin.read(); |
1018 | 1030 |
while(b != -1) |
1019 | 1031 |
{ |
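Review bot: In handleGetData the new `aclobj.hasPermission("READ",username,docid)` check evaluates the request's docid as given, but the lookup that follows still builds `where docid like '...'` by concatenating that same value, so the row served is selected by a pattern and may not be the document that was authorized (how hasPermission matches docid is not shown here). The check and the read should use one exact key: `sql.append("select docname from xml_documents where docid = ?");` followed by `pstmt.setString(1, docid);` after `prepareStatement`. The denial branch also returns after `util.openDBConnection()`; unless a finally block outside this view releases `conn`, each denied request keeps a connection open. Consider `response.setStatus(HttpServletResponse.SC_FORBIDDEN);` before writing the message so clients and logs can tell a denial from a successful read. handleGetData's body starts and ends outside the visible hunks.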
fixed bug in data file permission checking. (committed wrong file last time)