Revision 665
Added by bojilova almost 24 years ago
| src/edu/ucsb/nceas/metacat/AccessControlList.java | ||
|---|---|---|
| 57 | 57 |
private String doctype; |
| 58 | 58 |
private String systemid; |
| 59 | 59 |
|
| 60 |
private String resourceURL; |
|
| 61 |
private String resourceId; |
|
| 60 |
private String docurl; |
|
| 61 |
private Vector resourceURL; |
|
| 62 |
private Vector resourceID; |
|
| 62 | 63 |
private Vector principal; |
| 63 | 64 |
private int permission; |
| 64 | 65 |
private String permType; |
| ... | ... | |
| 103 | 104 |
this.user = user; |
| 104 | 105 |
this.group = group; |
| 105 | 106 |
this.aclid = aclid; |
| 107 |
this.resourceURL = new Vector(); |
|
| 108 |
this.resourceID = new Vector(); |
|
| 106 | 109 |
this.principal = new Vector(); |
| 107 | 110 |
this.permission = 0; |
| 108 | 111 |
this.ticketCount = 0; |
| ... | ... | |
| 210 | 213 |
|
| 211 | 214 |
if (currentTag.equals("resourceIdentifier")) {
|
| 212 | 215 |
|
| 213 |
resourceURL = inputString; |
|
| 214 |
resourceId = getDocid(inputString); |
|
| 215 |
// check permissions for @user on resourceId first |
|
| 216 |
// @user must have permission "all" on resourceId |
|
| 216 |
// docid of the current resource |
|
| 217 |
String docid = getDocid(inputString); |
|
| 218 |
// URL string of the current resource |
|
| 219 |
// docurl is declared in the class |
|
| 220 |
try {
|
|
| 221 |
docurl = (new URL(inputString)).toString(); |
|
| 222 |
} catch (MalformedURLException murle) {
|
|
| 223 |
throw new SAXException(murle.getMessage()); |
|
| 224 |
} |
|
| 225 |
// collect them in Vector variables |
|
| 226 |
resourceID.addElement(docid); |
|
| 227 |
resourceURL.addElement(docurl); |
|
| 228 |
// check permissions for @user on the current resource first |
|
| 229 |
// @user must have permission "all" on it(docid) |
|
| 217 | 230 |
boolean hasPermission = false; |
| 218 | 231 |
try {
|
| 219 |
hasPermission = hasPermission("ALL",user,resourceId);
|
|
| 232 |
hasPermission = hasPermission("ALL",user,docid);
|
|
| 220 | 233 |
if ( !hasPermission && group != null ) {
|
| 221 |
hasPermission = hasPermission("ALL",group,resourceId);
|
|
| 234 |
hasPermission = hasPermission("ALL",group,docid);
|
|
| 222 | 235 |
} |
| 223 | 236 |
} catch (SQLException e) {
|
| 224 | 237 |
throw new SAXException(e.getMessage()); |
| 225 | 238 |
} |
| 226 | 239 |
if ( !hasPermission ) {
|
| 227 | 240 |
throw new SAXException( |
| 228 |
"Permission denied for setting access control on " + resourceId);
|
|
| 241 |
"Permission denied for setting access control on " + docid);
|
|
| 229 | 242 |
} |
| 230 |
// end of check for "all" perm on resourceId
|
|
| 243 |
// end of check for "all" perm on docid
|
|
| 231 | 244 |
|
| 232 | 245 |
} else if (currentTag.equals("principal")) {
|
| 233 | 246 |
|
| 234 |
principal.addElement(new String(inputString));
|
|
| 247 |
principal.addElement(inputString);
|
|
| 235 | 248 |
|
| 236 | 249 |
} else if (currentTag.equals("permission")) {
|
| 237 | 250 |
|
| ... | ... | |
| 241 | 254 |
permission = permission | WRITE; |
| 242 | 255 |
} else if ( inputString.trim().toUpperCase().equals("ALL") ) {
|
| 243 | 256 |
permission = permission | ALL; |
| 257 |
} else {
|
|
| 258 |
throw new SAXException("Unknown permission type: " + inputString);
|
|
| 244 | 259 |
} |
| 245 | 260 |
|
| 246 | 261 |
} else if (currentTag.equals("duration") &&
|
| ... | ... | |
| 253 | 268 |
} |
| 254 | 269 |
|
| 255 | 270 |
} else if (currentTag.equals("ticketCount") && ticketCount == 0 ) {
|
| 256 |
ticketCount = (new Integer(inputString.trim())).intValue(); |
|
| 271 |
try {
|
|
| 272 |
ticketCount = (new Integer(inputString.trim())).intValue(); |
|
| 273 |
} catch (NumberFormatException nfe) {
|
|
| 274 |
throw new SAXException("Wrong integer format for:" + inputString);
|
|
| 275 |
} |
|
| 257 | 276 |
} |
| 258 | 277 |
} |
| 259 | 278 |
|
| ... | ... | |
| 269 | 288 |
if ( leaving.getTagName().equals("resourceIdentifier") ) {
|
| 270 | 289 |
|
| 271 | 290 |
try {
|
| 272 |
// make a relationship for @aclid on @resourceId
|
|
| 291 |
// make a relationship for @aclid on the current resource(docurl)
|
|
| 273 | 292 |
if ( aclid != null ) {
|
| 274 |
insertRelation(aclid, resourceURL);
|
|
| 293 |
insertRelation(aclid, docurl);
|
|
| 275 | 294 |
} |
| 276 | 295 |
} catch (SQLException sqle) {
|
| 277 | 296 |
throw new SAXException(sqle); |
| ... | ... | |
| 317 | 336 |
|
| 318 | 337 |
} else if ( leaving.getTagName().equals("resource") ) {
|
| 319 | 338 |
// reset the resource identifier |
| 320 |
resourceId = null; |
|
| 339 |
resourceID = new Vector(); |
|
| 340 |
resourceURL = new Vector(); |
|
| 321 | 341 |
permOrder = null; |
| 322 | 342 |
} |
| 323 | 343 |
|
| ... | ... | |
| 419 | 439 |
"begin_time,end_time,ticket_count, accessfileid) VALUES " + |
| 420 | 440 |
"(?,?,?,?,?,to_date(?,'mm/dd/yy'),to_date(?,'mm/dd/yy'),?,?)"); |
| 421 | 441 |
// Bind the values to the query |
| 422 |
pstmt.setString(1, resourceId); |
|
| 423 | 442 |
pstmt.setInt(3, permission); |
| 424 | 443 |
pstmt.setString(4, permType); |
| 425 | 444 |
pstmt.setString(5, permOrder); |
| ... | ... | |
| 431 | 450 |
} else {
|
| 432 | 451 |
pstmt.setString(8, ""); |
| 433 | 452 |
} |
| 434 |
for ( int i = 0; i < principal.size(); i++ ) {
|
|
| 435 |
pstmt.setString(2, (String)principal.elementAt(i)); |
|
| 436 |
pstmt.execute(); |
|
| 453 |
for ( int i = 0; i < resourceID.size(); i++ ) {
|
|
| 454 |
pstmt.setString(1, (String)resourceID.elementAt(i)); |
|
| 455 |
for ( int j = 0; j < principal.size(); j++ ) {
|
|
| 456 |
pstmt.setString(2, (String)principal.elementAt(j)); |
|
| 457 |
pstmt.execute(); |
|
| 458 |
} |
|
| 437 | 459 |
} |
| 438 | 460 |
|
| 439 | 461 |
} catch (SQLException e) {
|
| ... | ... | |
| 442 | 464 |
} |
| 443 | 465 |
} |
| 444 | 466 |
|
| 445 |
/** Check for @permission for @principal on @resourceId from db connection */
|
|
| 467 |
/** Check for @permission for @principal on @resourceID from db connection */
|
|
| 446 | 468 |
public boolean hasPermission ( String permission, |
| 447 |
String principal, String resourceId )
|
|
| 469 |
String principal, String resourceID )
|
|
| 448 | 470 |
throws SQLException |
| 449 | 471 |
{
|
| 450 | 472 |
PreparedStatement pstmt; |
| 451 |
// check public access to @resourceId from xml_documents table
|
|
| 473 |
// check public access to @resourceID from xml_documents table
|
|
| 452 | 474 |
if ( permission.equals("READ") ) {
|
| 453 | 475 |
try {
|
| 454 | 476 |
pstmt = conn.prepareStatement( |
| 455 | 477 |
"SELECT 'x' FROM xml_documents " + |
| 456 | 478 |
"WHERE docid LIKE ? AND public_access = 1"); |
| 457 | 479 |
// Bind the values to the query |
| 458 |
pstmt.setString(1, resourceId);
|
|
| 480 |
pstmt.setString(1, resourceID);
|
|
| 459 | 481 |
|
| 460 | 482 |
pstmt.execute(); |
| 461 | 483 |
ResultSet rs = pstmt.getResultSet(); |
| ... | ... | |
| 474 | 496 |
} |
| 475 | 497 |
|
| 476 | 498 |
// since owner of resource has all permission on it, |
| 477 |
// check if @principal is owner of @resourceId in xml_documents table
|
|
| 499 |
// check if @principal is owner of @resourceID in xml_documents table
|
|
| 478 | 500 |
if ( principal != null ) {
|
| 479 | 501 |
try {
|
| 480 | 502 |
pstmt = conn.prepareStatement( |
| 481 | 503 |
"SELECT 'x' FROM xml_documents " + |
| 482 | 504 |
"WHERE docid LIKE ? AND user_owner LIKE ?"); |
| 483 | 505 |
// Bind the values to the query |
| 484 |
pstmt.setString(1, resourceId);
|
|
| 506 |
pstmt.setString(1, resourceID);
|
|
| 485 | 507 |
pstmt.setString(2, principal); |
| 486 | 508 |
|
| 487 | 509 |
pstmt.execute(); |
| ... | ... | |
| 499 | 521 |
"Error checking document's ownership. " + e.getMessage()); |
| 500 | 522 |
} |
| 501 | 523 |
|
| 502 |
// check @principal's @permission on @resourceId from xml_access table
|
|
| 524 |
// check @principal's @permission on @resourceID from xml_access table
|
|
| 503 | 525 |
int accessValue = 0; |
| 504 | 526 |
int ticketCount = 0; |
| 505 | 527 |
String permOrder = ""; |
| ... | ... | |
| 514 | 536 |
"AND perm_type LIKE ?"); |
| 515 | 537 |
// check if it is "denied" first |
| 516 | 538 |
// Bind the values to the query |
| 517 |
pstmt.setString(1, resourceId);
|
|
| 539 |
pstmt.setString(1, resourceID);
|
|
| 518 | 540 |
pstmt.setString(2, principal); |
| 519 | 541 |
pstmt.setString(3, "denied"); |
| 520 | 542 |
|
| ... | ... | |
| 529 | 551 |
( permOrder.equals("allowFirst") ) &&
|
| 530 | 552 |
( rs.wasNull() || ticketCount > 0 ) ) {
|
| 531 | 553 |
if ( !rs.wasNull() && ticketCount > 0 ) {
|
| 532 |
decreaseNumberOfAccess(accessValue,principal,resourceId,"denied");
|
|
| 554 |
decreaseNumberOfAccess(accessValue,principal,resourceID,"denied");
|
|
| 533 | 555 |
} |
| 534 | 556 |
pstmt.close(); |
| 535 | 557 |
return false; |
| ... | ... | |
| 540 | 562 |
|
| 541 | 563 |
// it is not denied then check if it is "allowed" |
| 542 | 564 |
// Bind the values to the query |
| 543 |
pstmt.setString(1, resourceId);
|
|
| 565 |
pstmt.setString(1, resourceID);
|
|
| 544 | 566 |
pstmt.setString(2, principal); |
| 545 | 567 |
pstmt.setString(3, "allowed"); |
| 546 | 568 |
|
| ... | ... | |
| 553 | 575 |
if ( ( accessValue & intValue(permission) )==intValue(permission) && |
| 554 | 576 |
( rs.wasNull() || ticketCount > 0 ) ) {
|
| 555 | 577 |
if ( !rs.wasNull() && ticketCount > 0 ) {
|
| 556 |
decreaseNumberOfAccess(accessValue,principal,resourceId,"allowed");
|
|
| 578 |
decreaseNumberOfAccess(accessValue,principal,resourceID,"allowed");
|
|
| 557 | 579 |
} |
| 558 | 580 |
pstmt.close(); |
| 559 | 581 |
return true; |
| ... | ... | |
| 580 | 602 |
return false; |
| 581 | 603 |
} |
| 582 | 604 |
|
| 583 |
/** decrease the number of access to @resourceId for @principal */
|
|
| 605 |
/** decrease the number of access to @resourceID for @principal */
|
|
| 584 | 606 |
private void decreaseNumberOfAccess(int permission, String principal, |
| 585 |
String resourceId, String permType)
|
|
| 607 |
String resourceID, String permType)
|
|
| 586 | 608 |
throws SQLException |
| 587 | 609 |
{
|
| 588 | 610 |
PreparedStatement pstmt; |
| ... | ... | |
| 595 | 617 |
"AND nvl(end_time,sysdate) " + |
| 596 | 618 |
"AND perm_type LIKE ?"); |
| 597 | 619 |
// Bind the values to the query |
| 598 |
pstmt.setString(1, resourceId);
|
|
| 620 |
pstmt.setString(1, resourceID);
|
|
| 599 | 621 |
pstmt.setString(2, principal); |
| 600 | 622 |
pstmt.setInt(3, permission); |
| 601 | 623 |
pstmt.setString(4, permType); |
Also available in: Unified diff
implementation for multiple <resourceIndentifier> tags under <resource>