Revision 665
Added by bojilova almost 24 years ago
src/edu/ucsb/nceas/metacat/AccessControlList.java | ||
---|---|---|
57 | 57 |
private String doctype; |
58 | 58 |
private String systemid; |
59 | 59 |
|
60 |
private String resourceURL; |
|
61 |
private String resourceId; |
|
60 |
private String docurl; |
|
61 |
private Vector resourceURL; |
|
62 |
private Vector resourceID; |
|
62 | 63 |
private Vector principal; |
63 | 64 |
private int permission; |
64 | 65 |
private String permType; |
... | ... | |
103 | 104 |
this.user = user; |
104 | 105 |
this.group = group; |
105 | 106 |
this.aclid = aclid; |
107 |
this.resourceURL = new Vector(); |
|
108 |
this.resourceID = new Vector(); |
|
106 | 109 |
this.principal = new Vector(); |
107 | 110 |
this.permission = 0; |
108 | 111 |
this.ticketCount = 0; |
... | ... | |
210 | 213 |
|
211 | 214 |
if (currentTag.equals("resourceIdentifier")) { |
212 | 215 |
|
213 |
resourceURL = inputString; |
|
214 |
resourceId = getDocid(inputString); |
|
215 |
// check permissions for @user on resourceId first |
|
216 |
// @user must have permission "all" on resourceId |
|
216 |
// docid of the current resource |
|
217 |
String docid = getDocid(inputString); |
|
218 |
// URL string of the current resource |
|
219 |
// docurl is declared in the class |
|
220 |
try { |
|
221 |
docurl = (new URL(inputString)).toString(); |
|
222 |
} catch (MalformedURLException murle) { |
|
223 |
throw new SAXException(murle.getMessage()); |
|
224 |
} |
|
225 |
// collect them in Vector variables |
|
226 |
resourceID.addElement(docid); |
|
227 |
resourceURL.addElement(docurl); |
|
228 |
// check permissions for @user on the current resource first |
|
229 |
// @user must have permission "all" on it(docid) |
|
217 | 230 |
boolean hasPermission = false; |
218 | 231 |
try { |
219 |
hasPermission = hasPermission("ALL",user,resourceId);
|
|
232 |
hasPermission = hasPermission("ALL",user,docid);
|
|
220 | 233 |
if ( !hasPermission && group != null ) { |
221 |
hasPermission = hasPermission("ALL",group,resourceId);
|
|
234 |
hasPermission = hasPermission("ALL",group,docid);
|
|
222 | 235 |
} |
223 | 236 |
} catch (SQLException e) { |
224 | 237 |
throw new SAXException(e.getMessage()); |
225 | 238 |
} |
226 | 239 |
if ( !hasPermission ) { |
227 | 240 |
throw new SAXException( |
228 |
"Permission denied for setting access control on " + resourceId);
|
|
241 |
"Permission denied for setting access control on " + docid);
|
|
229 | 242 |
} |
230 |
// end of check for "all" perm on resourceId
|
|
243 |
// end of check for "all" perm on docid
|
|
231 | 244 |
|
232 | 245 |
} else if (currentTag.equals("principal")) { |
233 | 246 |
|
234 |
principal.addElement(new String(inputString));
|
|
247 |
principal.addElement(inputString);
|
|
235 | 248 |
|
236 | 249 |
} else if (currentTag.equals("permission")) { |
237 | 250 |
|
... | ... | |
241 | 254 |
permission = permission | WRITE; |
242 | 255 |
} else if ( inputString.trim().toUpperCase().equals("ALL") ) { |
243 | 256 |
permission = permission | ALL; |
257 |
} else { |
|
258 |
throw new SAXException("Unknown permission type: " + inputString); |
|
244 | 259 |
} |
245 | 260 |
|
246 | 261 |
} else if (currentTag.equals("duration") && |
... | ... | |
253 | 268 |
} |
254 | 269 |
|
255 | 270 |
} else if (currentTag.equals("ticketCount") && ticketCount == 0 ) { |
256 |
ticketCount = (new Integer(inputString.trim())).intValue(); |
|
271 |
try { |
|
272 |
ticketCount = (new Integer(inputString.trim())).intValue(); |
|
273 |
} catch (NumberFormatException nfe) { |
|
274 |
throw new SAXException("Wrong integer format for:" + inputString); |
|
275 |
} |
|
257 | 276 |
} |
258 | 277 |
} |
259 | 278 |
|
... | ... | |
269 | 288 |
if ( leaving.getTagName().equals("resourceIdentifier") ) { |
270 | 289 |
|
271 | 290 |
try { |
272 |
// make a relationship for @aclid on @resourceId
|
|
291 |
// make a relationship for @aclid on the current resource(docurl)
|
|
273 | 292 |
if ( aclid != null ) { |
274 |
insertRelation(aclid, resourceURL);
|
|
293 |
insertRelation(aclid, docurl);
|
|
275 | 294 |
} |
276 | 295 |
} catch (SQLException sqle) { |
277 | 296 |
throw new SAXException(sqle); |
... | ... | |
317 | 336 |
|
318 | 337 |
} else if ( leaving.getTagName().equals("resource") ) { |
319 | 338 |
// reset the resource identifier |
320 |
resourceId = null; |
|
339 |
resourceID = new Vector(); |
|
340 |
resourceURL = new Vector(); |
|
321 | 341 |
permOrder = null; |
322 | 342 |
} |
323 | 343 |
|
... | ... | |
419 | 439 |
"begin_time,end_time,ticket_count, accessfileid) VALUES " + |
420 | 440 |
"(?,?,?,?,?,to_date(?,'mm/dd/yy'),to_date(?,'mm/dd/yy'),?,?)"); |
421 | 441 |
// Bind the values to the query |
422 |
pstmt.setString(1, resourceId); |
|
423 | 442 |
pstmt.setInt(3, permission); |
424 | 443 |
pstmt.setString(4, permType); |
425 | 444 |
pstmt.setString(5, permOrder); |
... | ... | |
431 | 450 |
} else { |
432 | 451 |
pstmt.setString(8, ""); |
433 | 452 |
} |
434 |
for ( int i = 0; i < principal.size(); i++ ) { |
|
435 |
pstmt.setString(2, (String)principal.elementAt(i)); |
|
436 |
pstmt.execute(); |
|
453 |
for ( int i = 0; i < resourceID.size(); i++ ) { |
|
454 |
pstmt.setString(1, (String)resourceID.elementAt(i)); |
|
455 |
for ( int j = 0; j < principal.size(); j++ ) { |
|
456 |
pstmt.setString(2, (String)principal.elementAt(j)); |
|
457 |
pstmt.execute(); |
|
458 |
} |
|
437 | 459 |
} |
438 | 460 |
|
439 | 461 |
} catch (SQLException e) { |
... | ... | |
442 | 464 |
} |
443 | 465 |
} |
444 | 466 |
|
445 |
/** Check for @permission for @principal on @resourceId from db connection */
|
|
467 |
/** Check for @permission for @principal on @resourceID from db connection */
|
|
446 | 468 |
public boolean hasPermission ( String permission, |
447 |
String principal, String resourceId )
|
|
469 |
String principal, String resourceID )
|
|
448 | 470 |
throws SQLException |
449 | 471 |
{ |
450 | 472 |
PreparedStatement pstmt; |
451 |
// check public access to @resourceId from xml_documents table
|
|
473 |
// check public access to @resourceID from xml_documents table
|
|
452 | 474 |
if ( permission.equals("READ") ) { |
453 | 475 |
try { |
454 | 476 |
pstmt = conn.prepareStatement( |
455 | 477 |
"SELECT 'x' FROM xml_documents " + |
456 | 478 |
"WHERE docid LIKE ? AND public_access = 1"); |
457 | 479 |
// Bind the values to the query |
458 |
pstmt.setString(1, resourceId);
|
|
480 |
pstmt.setString(1, resourceID);
|
|
459 | 481 |
|
460 | 482 |
pstmt.execute(); |
461 | 483 |
ResultSet rs = pstmt.getResultSet(); |
... | ... | |
474 | 496 |
} |
475 | 497 |
|
476 | 498 |
// since owner of resource has all permission on it, |
477 |
// check if @principal is owner of @resourceId in xml_documents table
|
|
499 |
// check if @principal is owner of @resourceID in xml_documents table
|
|
478 | 500 |
if ( principal != null ) { |
479 | 501 |
try { |
480 | 502 |
pstmt = conn.prepareStatement( |
481 | 503 |
"SELECT 'x' FROM xml_documents " + |
482 | 504 |
"WHERE docid LIKE ? AND user_owner LIKE ?"); |
483 | 505 |
// Bind the values to the query |
484 |
pstmt.setString(1, resourceId);
|
|
506 |
pstmt.setString(1, resourceID);
|
|
485 | 507 |
pstmt.setString(2, principal); |
486 | 508 |
|
487 | 509 |
pstmt.execute(); |
... | ... | |
499 | 521 |
"Error checking document's ownership. " + e.getMessage()); |
500 | 522 |
} |
501 | 523 |
|
502 |
// check @principal's @permission on @resourceId from xml_access table
|
|
524 |
// check @principal's @permission on @resourceID from xml_access table
|
|
503 | 525 |
int accessValue = 0; |
504 | 526 |
int ticketCount = 0; |
505 | 527 |
String permOrder = ""; |
... | ... | |
514 | 536 |
"AND perm_type LIKE ?"); |
515 | 537 |
// check if it is "denied" first |
516 | 538 |
// Bind the values to the query |
517 |
pstmt.setString(1, resourceId);
|
|
539 |
pstmt.setString(1, resourceID);
|
|
518 | 540 |
pstmt.setString(2, principal); |
519 | 541 |
pstmt.setString(3, "denied"); |
520 | 542 |
|
... | ... | |
529 | 551 |
( permOrder.equals("allowFirst") ) && |
530 | 552 |
( rs.wasNull() || ticketCount > 0 ) ) { |
531 | 553 |
if ( !rs.wasNull() && ticketCount > 0 ) { |
532 |
decreaseNumberOfAccess(accessValue,principal,resourceId,"denied");
|
|
554 |
decreaseNumberOfAccess(accessValue,principal,resourceID,"denied");
|
|
533 | 555 |
} |
534 | 556 |
pstmt.close(); |
535 | 557 |
return false; |
... | ... | |
540 | 562 |
|
541 | 563 |
// it is not denied then check if it is "allowed" |
542 | 564 |
// Bind the values to the query |
543 |
pstmt.setString(1, resourceId);
|
|
565 |
pstmt.setString(1, resourceID);
|
|
544 | 566 |
pstmt.setString(2, principal); |
545 | 567 |
pstmt.setString(3, "allowed"); |
546 | 568 |
|
... | ... | |
553 | 575 |
if ( ( accessValue & intValue(permission) )==intValue(permission) && |
554 | 576 |
( rs.wasNull() || ticketCount > 0 ) ) { |
555 | 577 |
if ( !rs.wasNull() && ticketCount > 0 ) { |
556 |
decreaseNumberOfAccess(accessValue,principal,resourceId,"allowed");
|
|
578 |
decreaseNumberOfAccess(accessValue,principal,resourceID,"allowed");
|
|
557 | 579 |
} |
558 | 580 |
pstmt.close(); |
559 | 581 |
return true; |
... | ... | |
580 | 602 |
return false; |
581 | 603 |
} |
582 | 604 |
|
583 |
/** decrease the number of access to @resourceId for @principal */
|
|
605 |
/** decrease the number of access to @resourceID for @principal */
|
|
584 | 606 |
private void decreaseNumberOfAccess(int permission, String principal, |
585 |
String resourceId, String permType)
|
|
607 |
String resourceID, String permType)
|
|
586 | 608 |
throws SQLException |
587 | 609 |
{ |
588 | 610 |
PreparedStatement pstmt; |
... | ... | |
595 | 617 |
"AND nvl(end_time,sysdate) " + |
596 | 618 |
"AND perm_type LIKE ?"); |
597 | 619 |
// Bind the values to the query |
598 |
pstmt.setString(1, resourceId);
|
|
620 |
pstmt.setString(1, resourceID);
|
|
599 | 621 |
pstmt.setString(2, principal); |
600 | 622 |
pstmt.setInt(3, permission); |
601 | 623 |
pstmt.setString(4, permType); |
Also available in: Unified diff
implementation for multiple <resourceIndentifier> tags under <resource>