Revision 6744
Added by ben leinfelder over 12 years ago
| test/edu/ucsb/nceas/metacattest/AccessAPITest.java | ||
|---|---|---|
| 137 | 137 |
true); |
| 138 | 138 |
accessDAOList = new Vector<XMLAccessDAO>(); |
| 139 | 139 |
accessDAO = new XMLAccessDAO(); |
| 140 |
accessDAO.setDocId(docId);
|
|
| 140 |
accessDAO.setGuid(docId);
|
|
| 141 | 141 |
accessDAO.setPrincipalName(principal); |
| 142 | 142 |
accessDAO.setPermission(new Long(AccessControlInterface.READ)); |
| 143 | 143 |
accessDAO.setPermType(AccessControlInterface.ALLOW); |
| ... | ... | |
| 470 | 470 |
|
| 471 | 471 |
System.out.println("subAccessDAO.perm: '" + subAccessDAO.getPermission() + "'");
|
| 472 | 472 |
System.out.println("mainAccessDAO.perm: '" + mainAccessDAO.getPermission() + "'");*/
|
| 473 |
if (subAccessDAO.getDocId().equals(mainAccessDAO.getDocId()) &&
|
|
| 473 |
if (subAccessDAO.getGuid().equals(mainAccessDAO.getGuid()) &&
|
|
| 474 | 474 |
subAccessDAO.getPermOrder().equals(mainAccessDAO.getPermOrder()) && |
| 475 | 475 |
subAccessDAO.getPermType().equals(mainAccessDAO.getPermType()) && |
| 476 | 476 |
subAccessDAO.getPrincipalName().equals(mainAccessDAO.getPrincipalName()) && |
| ... | ... | |
| 540 | 540 |
*/ |
| 541 | 541 |
private void debugAccessDAOList(Vector<XMLAccessDAO> accessDAOList) {
|
| 542 | 542 |
for (XMLAccessDAO xmlAccessDAO : accessDAOList) {
|
| 543 |
debug("Doc ID: " + xmlAccessDAO.getDocId());
|
|
| 543 |
debug("Guid: " + xmlAccessDAO.getGuid());
|
|
| 544 | 544 |
debug("Perm Order: " + xmlAccessDAO.getPermOrder());
|
| 545 | 545 |
debug("Perm Type: " + xmlAccessDAO.getPermType());
|
| 546 | 546 |
debug("Principal " + xmlAccessDAO.getPrincipalName());
|
| src/upgrade-db-to-2.0.0-postgres.sql | ||
|---|---|---|
| 61 | 61 |
* Replication changes to support DataONE System Metadata replication |
| 62 | 62 |
*/ |
| 63 | 63 |
ALTER TABLE xml_replication ADD COLUMN systemmetadatareplicate INT8; |
| 64 |
/* |
|
| 65 |
* Allow guid in xml_access table (for system metadata) |
|
| 66 |
*/ |
|
| 67 |
ALTER TABLE xml_access ADD COLUMN guid text; |
|
| 68 | 64 |
|
| 69 | 65 |
/** |
| 70 | 66 |
* track the user-agent for the request |
| ... | ... | |
| 76 | 72 |
*/ |
| 77 | 73 |
INSERT INTO xml_catalog (entry_type, public_id, system_id) |
| 78 | 74 |
VALUES ('Schema', '@eml2_1_1namespace@', '/schema/eml-2.1.1/eml.xsd');
|
| 75 |
|
|
| 76 |
/** |
|
| 77 |
* Generate GUIDs for docid.rev |
|
| 78 |
*/ |
|
| 79 |
INSERT INTO identifier (docid, rev, guid) |
|
| 80 |
SELECT docid, rev, docid || '.' || rev FROM xml_documents; |
|
| 81 |
INSERT INTO identifier (docid, rev, guid) |
|
| 82 |
SELECT docid, revisionid, docid || '.' || revisionid FROM xml_revisions; |
|
| 83 |
|
|
| 84 |
/** |
|
| 85 |
* Allow guid in xml_access table (for system metadata) |
|
| 86 |
*/ |
|
| 87 |
ALTER TABLE xml_access ADD COLUMN guid text; |
|
| 88 |
|
|
| 89 |
/** |
|
| 90 |
* Upgrade xml_access records to use GUID from identifier table |
|
| 91 |
*/ |
|
| 92 |
INSERT INTO xml_access ( |
|
| 93 |
guid, principal_name, permission, perm_type, perm_order, |
|
| 94 |
docid, accessfileid, begin_time, end_time, ticket_count, subtreeid, startnodeid, endnodeid |
|
| 95 |
) |
|
| 96 |
SELECT |
|
| 97 |
id.guid, xa.principal_name, xa.permission, xa.perm_type, xa.perm_order, |
|
| 98 |
xa.docid, xa.accessfileid, xa.begin_time, xa.end_time, xa.ticket_count, xa.subtreeid, xa.startnodeid, xa.endnodeid |
|
| 99 |
FROM identifier id, xml_access xa |
|
| 100 |
WHERE id.docid = xa.docid; |
|
| 101 |
|
|
| 102 |
/** |
|
| 103 |
* Include inline access rows -- they have a special guid: 'scope.docid.rev.index' |
|
| 104 |
*/ |
|
| 105 |
INSERT INTO xml_access ( |
|
| 106 |
guid, principal_name, permission, perm_type, perm_order, |
|
| 107 |
docid, accessfileid, begin_time, end_time, ticket_count, subtreeid, startnodeid, endnodeid |
|
| 108 |
) |
|
| 109 |
SELECT |
|
| 110 |
docid, principal_name, permission, perm_type, perm_order, |
|
| 111 |
docid, accessfileid, begin_time, end_time, ticket_count, subtreeid, startnodeid, endnodeid |
|
| 112 |
FROM xml_access |
|
| 113 |
WHERE docid like '%.%.%.%'; |
|
| 114 |
|
|
| 115 |
/** |
|
| 116 |
* Update the accessfileid to use guid |
|
| 117 |
* TODO: specific revision should be used |
|
| 118 |
*/ |
|
| 119 |
UPDATE xml_access |
|
| 120 |
SET accessfileid = id.guid |
|
| 121 |
FROM identifier id, xml_access xa |
|
| 122 |
WHERE xa.accessfileid = id.docid |
|
| 123 |
|
|
| 124 |
|
|
| 125 |
/** |
|
| 126 |
* Remove old access rules |
|
| 127 |
*/ |
|
| 128 |
DELETE FROM xml_access WHERE guid is null; |
|
| 129 |
|
|
| 130 |
/** |
|
| 131 |
* clean up the xml_access table |
|
| 132 |
*/ |
|
| 133 |
ALTER TABLE xml_access DROP COLUMN docid; |
|
| 134 |
|
|
| 79 | 135 |
/* |
| 80 | 136 |
* update the database version |
| 81 | 137 |
*/ |
| src/xmltables-postgres.sql | ||
|---|---|---|
| 209 | 209 |
* ACL -- table to store ACL for XML documents by principals |
| 210 | 210 |
*/ |
| 211 | 211 |
CREATE TABLE xml_access ( |
| 212 |
docid VARCHAR(250), -- the document id # |
|
| 213 | 212 |
guid text, -- foreign key to system metadata |
| 214 | 213 |
accessfileid VARCHAR(250), -- the document id # for the access file |
| 215 | 214 |
principal_name VARCHAR(100), -- name of user, group, etc. |
| src/edu/ucsb/nceas/metacat/QuerySpecification.java | ||
|---|---|---|
| 272 | 272 |
{
|
| 273 | 273 |
String allowQuery = null; |
| 274 | 274 |
String allowString = constructAllowString(); |
| 275 |
allowQuery = "SELECT docid from xml_access WHERE( " + allowString;
|
|
| 275 |
allowQuery = "SELECT id.docid from xml_access xa, identifier id WHERE id.guid = xa.guid AND ( " + allowString;
|
|
| 276 | 276 |
allowQuery = allowQuery + ")"; |
| 277 | 277 |
logMetacat.info("QuerySpecification.createAllowRuleQuery - allow query is: " + allowQuery);
|
| 278 | 278 |
return allowQuery; |
| ... | ... | |
| 319 | 319 |
{
|
| 320 | 320 |
String denyQuery = null; |
| 321 | 321 |
String denyString = constructDenyString(); |
| 322 |
denyQuery = "SELECT docid from xml_access WHERE( " + denyString;
|
|
| 322 |
denyQuery = "SELECT id.docid from xml_access xa, identifier id WHERE id.guid = xa.guid AND ( " + denyString;
|
|
| 323 | 323 |
denyQuery = denyQuery + ") "; |
| 324 | 324 |
logMetacat.info("QuerySpecification.createDenyRuleQuery - denyquery is: " + denyQuery);
|
| 325 | 325 |
return denyQuery; |
| src/edu/ucsb/nceas/metacat/spatial/SpatialHarvester.java | ||
|---|---|---|
| 71 | 71 |
} |
| 72 | 72 |
|
| 73 | 73 |
/** |
| 74 |
* Returns a Vector of all the docids in the xml_path_index tables
|
|
| 74 |
* Returns a Vector of all the current versions of public docids
|
|
| 75 | 75 |
*/ |
| 76 | 76 |
protected Vector<String> queryAllDocids() {
|
| 77 | 77 |
Vector<String> _docs = new Vector<String>(); |
| ... | ... | |
| 83 | 83 |
* to be considered for the spatial cache |
| 84 | 84 |
*/ |
| 85 | 85 |
//String query = "select distinct docid from xml_path_index"; |
| 86 |
String query = "select distinct docid from xml_access where principal_name = 'public' and perm_type = 'allow'"; |
|
| 86 |
String query = "select distinct id.docid " + |
|
| 87 |
"from xml_access xa, identifier id, xml_documents xd " + |
|
| 88 |
"where xa.guid = id.guid " + |
|
| 89 |
"and id.docid = xd.docid " + |
|
| 90 |
"and id.rev = xd.rev " + |
|
| 91 |
"and xa.principal_name = 'public' " + |
|
| 92 |
"and xa.perm_type = 'allow'"; |
|
| 87 | 93 |
|
| 88 | 94 |
try {
|
| 89 | 95 |
pstmt = dbconn.prepareStatement(query); |
| src/edu/ucsb/nceas/metacat/spatial/SpatialDocument.java | ||
|---|---|---|
| 143 | 143 |
if (isSpatialDocument) {
|
| 144 | 144 |
|
| 145 | 145 |
/* |
| 146 |
* Get the bounding coordinates |
|
| 146 |
* Get the bounding coordinates for current public revision
|
|
| 147 | 147 |
*/ |
| 148 | 148 |
query = "SELECT path, nodedatanumerical, parentnodeid FROM xml_path_index" |
| 149 | 149 |
+ " WHERE docid = ?" |
| 150 |
+ " AND docid IN (SELECT distinct docid FROM xml_access WHERE docid = ?" |
|
| 151 |
+ " AND principal_name = 'public' AND perm_type = 'allow')" |
|
| 150 |
+ " AND docid IN " + |
|
| 151 |
"(SELECT distinct id.docid " + |
|
| 152 |
"FROM identifier id, xml_access xa, xml_documents xd " |
|
| 153 |
+ " WHERE id.docid = ?" |
|
| 154 |
+ " AND id.docid = xd.docid " |
|
| 155 |
+ " AND id.rev = xd.rev " |
|
| 156 |
+ " AND id.guid = xa.guid " |
|
| 157 |
+ " AND xa.principal_name = 'public' AND xa.perm_type = 'allow')" |
|
| 152 | 158 |
+ " AND (path = '" + westPath + "'" + " OR path = '" + southPath |
| 153 | 159 |
+ "'" + " OR path = '" + eastPath + "'" + " OR path = '" |
| 154 | 160 |
+ northPath + "'" + " ) ORDER BY parentnodeid;"; |
| src/edu/ucsb/nceas/metacat/AssociateAccessPolicy.java | ||
|---|---|---|
| 177 | 177 |
ResultSet rs=null; |
| 178 | 178 |
|
| 179 | 179 |
//the query stirng |
| 180 |
String query="SELECT docid from xml_access";
|
|
| 180 |
String query="SELECT id.docid from xml_access xa, identifier id where xa.guid = id.guid";
|
|
| 181 | 181 |
try |
| 182 | 182 |
{
|
| 183 | 183 |
pStmt=conn.prepareStatement(query); |
| ... | ... | |
| 409 | 409 |
docId=(String)docList.nextElement(); |
| 410 | 410 |
dataSetId=(String)docIdMapDataSetId.get(docId); |
| 411 | 411 |
query="select accessfileid, principal_name,permission,perm_type," |
| 412 |
+"perm_order,begin_time,end_time,ticket_count from xml_access " |
|
| 413 |
+"where docid =?";
|
|
| 412 |
+"perm_order,begin_time,end_time,ticket_count from xml_access xa, identifier id "
|
|
| 413 |
+"where id.docid = ? and id.guid = xa.guid";
|
|
| 414 | 414 |
pStmt=conn.prepareStatement(query); |
| 415 | 415 |
//bind the value to query |
| 416 | 416 |
pStmt.setString(1, dataSetId); |
| src/edu/ucsb/nceas/metacat/accesscontrol/XMLAccessAccess.java | ||
|---|---|---|
| 35 | 35 |
|
| 36 | 36 |
import org.apache.log4j.Logger; |
| 37 | 37 |
|
| 38 |
import edu.ucsb.nceas.metacat.AccessionNumber; |
|
| 39 |
import edu.ucsb.nceas.metacat.AccessionNumberException; |
|
| 40 |
import edu.ucsb.nceas.metacat.DBUtil; |
|
| 41 |
import edu.ucsb.nceas.metacat.IdentifierManager; |
|
| 42 |
import edu.ucsb.nceas.metacat.McdbDocNotFoundException; |
|
| 43 | 38 |
import edu.ucsb.nceas.metacat.database.DBConnection; |
| 44 | 39 |
import edu.ucsb.nceas.metacat.database.DBConnectionPool; |
| 45 | 40 |
import edu.ucsb.nceas.metacat.shared.AccessException; |
| ... | ... | |
| 48 | 43 |
public class XMLAccessAccess extends BaseAccess {
|
| 49 | 44 |
|
| 50 | 45 |
private Logger logMetacat = Logger.getLogger(XMLAccessAccess.class); |
| 51 |
|
|
| 52 |
private static String DOCID = "docid"; |
|
| 53 |
|
|
| 54 |
private static String GUID = "guid"; |
|
| 55 |
|
|
| 56 |
private String idAttribute = DOCID; |
|
| 57 |
|
|
| 46 |
|
|
| 58 | 47 |
// Constructor |
| 59 | 48 |
public XMLAccessAccess() throws AccessException {}
|
| 60 | 49 |
|
| 61 |
public XMLAccessAccess(boolean useGuid) {
|
|
| 62 |
if (useGuid) {
|
|
| 63 |
idAttribute = GUID; |
|
| 64 |
} |
|
| 65 |
} |
|
| 66 | 50 |
|
| 67 | 51 |
/** |
| 68 | 52 |
* Get all xml access for a document |
| ... | ... | |
| 71 | 55 |
* the id of the document |
| 72 | 56 |
* @return an xml access DAO list |
| 73 | 57 |
*/ |
| 74 |
public Vector<XMLAccessDAO> getXMLAccessForDoc(String id) throws AccessException {
|
|
| 58 |
public Vector<XMLAccessDAO> getXMLAccessForDoc(String guid) throws AccessException {
|
|
| 75 | 59 |
|
| 76 | 60 |
Vector<XMLAccessDAO> xmlAccessList = new Vector<XMLAccessDAO>(); |
| 77 | 61 |
|
| 78 |
if (id == null) {
|
|
| 62 |
if (guid == null) {
|
|
| 79 | 63 |
throw new AccessException("XMLAccessAccess.getXMLAccessForDoc - doc id " +
|
| 80 | 64 |
"must be specified when selecting xml_access record"); |
| 81 | 65 |
} |
| ... | ... | |
| 88 | 72 |
conn = DBConnectionPool.getDBConnection("XMLAccessAccess.getXMLAccessForDoc");
|
| 89 | 73 |
serialNumber = conn.getCheckOutSerialNumber(); |
| 90 | 74 |
|
| 91 |
String sql = "SELECT * FROM xml_access WHERE " + idAttribute + " = ?";
|
|
| 75 |
String sql = "SELECT * FROM xml_access WHERE guid = ?";
|
|
| 92 | 76 |
pstmt = conn.prepareStatement(sql); |
| 93 | 77 |
|
| 94 |
pstmt.setString(1, id); |
|
| 78 |
pstmt.setString(1, guid);
|
|
| 95 | 79 |
|
| 96 | 80 |
String sqlReport = "XMLAccessAccess.getXMLAccessForDoc - SQL: " + sql; |
| 97 |
sqlReport += " [" + id + "]"; |
|
| 81 |
sqlReport += " [" + guid + "]";
|
|
| 98 | 82 |
|
| 99 | 83 |
logMetacat.info(sqlReport); |
| 100 | 84 |
|
| ... | ... | |
| 113 | 97 |
|
| 114 | 98 |
} catch (SQLException sqle) {
|
| 115 | 99 |
throw new AccessException("XMLAccessAccess.getXMLAccessForDoc - SQL error when getting access " +
|
| 116 |
" for id: " + id + " : " + sqle.getMessage()); |
|
| 100 |
" for id: " + guid + " : " + sqle.getMessage());
|
|
| 117 | 101 |
} catch (PermOrderException poe) {
|
| 118 | 102 |
String errorStr = "XMLAccessAccess.getXMLAccessForDoc - Permission order error when getting " + |
| 119 |
"access record for doc id: " + id + " : " + poe.getMessage(); |
|
| 103 |
"access record for doc id: " + guid + " : " + poe.getMessage();
|
|
| 120 | 104 |
logMetacat.error(errorStr); |
| 121 | 105 |
throw new AccessException(errorStr); |
| 122 | 106 |
} finally {
|
| ... | ... | |
| 133 | 117 |
* the credentials of the principal in the database |
| 134 | 118 |
* @return an xml access DAO list |
| 135 | 119 |
*/ |
| 136 |
public Vector<XMLAccessDAO> getXMLAccessForPrincipal(String id, String principalName) |
|
| 120 |
public Vector<XMLAccessDAO> getXMLAccessForPrincipal(String guid, String principalName)
|
|
| 137 | 121 |
throws AccessException {
|
| 138 | 122 |
|
| 139 | 123 |
Vector<XMLAccessDAO> xmlAccessList = new Vector<XMLAccessDAO>(); |
| 140 | 124 |
|
| 141 |
if (id == null) {
|
|
| 125 |
if (guid == null) {
|
|
| 142 | 126 |
throw new AccessException("XMLAccessAccess.getXMLAccessForPrincipal - doc id " +
|
| 143 | 127 |
"must be specified when selecting xml_access record"); |
| 144 | 128 |
} |
| ... | ... | |
| 155 | 139 |
conn = DBConnectionPool.getDBConnection("XMLAccessAccess.getXMLAccessForPrincipal");
|
| 156 | 140 |
serialNumber = conn.getCheckOutSerialNumber(); |
| 157 | 141 |
|
| 158 |
String sql = "SELECT * FROM xml_access WHERE " + idAttribute + " = ? AND principal_name = ?";
|
|
| 142 |
String sql = "SELECT * FROM xml_access WHERE guid = ? AND principal_name = ?";
|
|
| 159 | 143 |
pstmt = conn.prepareStatement(sql); |
| 160 | 144 |
|
| 161 |
pstmt.setString(1, id); |
|
| 145 |
pstmt.setString(1, guid);
|
|
| 162 | 146 |
pstmt.setString(2, principalName); |
| 163 | 147 |
|
| 164 | 148 |
String sqlReport = "XMLAccessAccess.getXMLAccessForPrincipal - SQL: " + sql; |
| 165 |
sqlReport += " [" + id + "," + principalName + "]"; |
|
| 149 |
sqlReport += " [" + guid + "," + principalName + "]";
|
|
| 166 | 150 |
|
| 167 | 151 |
logMetacat.info(sqlReport); |
| 168 | 152 |
|
| ... | ... | |
| 181 | 165 |
|
| 182 | 166 |
} catch (SQLException sqle) {
|
| 183 | 167 |
throw new AccessException("XMLAccessAccess.getXMLAccessForPrincipal - SQL error when getting access " +
|
| 184 |
" for id: " + id + ", principal: " + principalName + " : " + sqle.getMessage()); |
|
| 168 |
" for id: " + guid + ", principal: " + principalName + " : " + sqle.getMessage());
|
|
| 185 | 169 |
} catch (PermOrderException poe) {
|
| 186 | 170 |
String errorStr = "XMLAccessAccess.getXMLAccessForPrincipal - Permission order error when getting " + |
| 187 |
"access record for id: " + id + ", principal: " + principalName + " : " + poe.getMessage(); |
|
| 171 |
"access record for id: " + guid + ", principal: " + principalName + " : " + poe.getMessage();
|
|
| 188 | 172 |
logMetacat.error(errorStr); |
| 189 | 173 |
throw new AccessException(errorStr); |
| 190 | 174 |
} finally {
|
| ... | ... | |
| 195 | 179 |
/** |
| 196 | 180 |
* Get all xml access for a principal/permType/permOrder for a certain document |
| 197 | 181 |
* |
| 198 |
* @param id |
|
| 182 |
* @param guid
|
|
| 199 | 183 |
* the id of the document |
| 200 | 184 |
* @param principalName |
| 201 | 185 |
* the credentials of the principal in the database |
| 202 | 186 |
* @return an xml access DAO list |
| 203 | 187 |
*/ |
| 204 |
public Vector<XMLAccessDAO> getXMLAccessForPrincipal(String id, String principalName, String permType, String permOrder) |
|
| 188 |
public Vector<XMLAccessDAO> getXMLAccessForPrincipal(String guid, String principalName, String permType, String permOrder)
|
|
| 205 | 189 |
throws AccessException {
|
| 206 | 190 |
|
| 207 | 191 |
Vector<XMLAccessDAO> xmlAccessList = new Vector<XMLAccessDAO>(); |
| 208 | 192 |
|
| 209 |
if (id == null) {
|
|
| 193 |
if (guid == null) {
|
|
| 210 | 194 |
throw new AccessException("XMLAccessAccess.getXMLAccessForPrincipal - doc id " +
|
| 211 | 195 |
"must be specified when selecting xml_access record"); |
| 212 | 196 |
} |
| ... | ... | |
| 231 | 215 |
conn = DBConnectionPool.getDBConnection("XMLAccessAccess.getXMLAccessForPrincipal");
|
| 232 | 216 |
serialNumber = conn.getCheckOutSerialNumber(); |
| 233 | 217 |
|
| 234 |
String sql = "SELECT * FROM xml_access WHERE " + idAttribute + " = ? AND principal_name = ? " +
|
|
| 218 |
String sql = "SELECT * FROM xml_access WHERE guid = ? AND principal_name = ? " +
|
|
| 235 | 219 |
"AND perm_type = ? AND perm_order = ?"; |
| 236 | 220 |
pstmt = conn.prepareStatement(sql); |
| 237 | 221 |
|
| 238 |
pstmt.setString(1, id); |
|
| 222 |
pstmt.setString(1, guid);
|
|
| 239 | 223 |
pstmt.setString(2, principalName); |
| 240 | 224 |
pstmt.setString(3, permType); |
| 241 | 225 |
pstmt.setString(4, permOrder); |
| 242 | 226 |
|
| 243 | 227 |
String sqlReport = "XMLAccessAccess.getXMLAccessForPrincipal - SQL: " + sql; |
| 244 |
sqlReport += " [" + id + "," + principalName + "," + permType + "," + permOrder + "]"; |
|
| 228 |
sqlReport += " [" + guid + "," + principalName + "," + permType + "," + permOrder + "]";
|
|
| 245 | 229 |
|
| 246 | 230 |
logMetacat.info(sqlReport); |
| 247 | 231 |
|
| ... | ... | |
| 259 | 243 |
|
| 260 | 244 |
} catch (SQLException sqle) {
|
| 261 | 245 |
throw new AccessException("XMLAccessAccess.getXMLAccessForPrincipal - SQL error when getting access " +
|
| 262 |
" for id: " + id + ", principal: " + principalName + " : " + sqle.getMessage()); |
|
| 246 |
" for id: " + guid + ", principal: " + principalName + " : " + sqle.getMessage());
|
|
| 263 | 247 |
} catch (PermOrderException poe) {
|
| 264 | 248 |
String errorStr = "XMLAccessAccess.getXMLAccessForPrincipal - Permission order error when getting " + |
| 265 |
"access record for id: " + id + ", principal: " + principalName + " : " + poe.getMessage(); |
|
| 249 |
"access record for id: " + guid + ", principal: " + principalName + " : " + poe.getMessage();
|
|
| 266 | 250 |
logMetacat.error(errorStr); |
| 267 | 251 |
throw new AccessException(errorStr); |
| 268 | 252 |
} finally {
|
| ... | ... | |
| 275 | 259 |
* principal already exists, bitwise OR the permission to the existing |
| 276 | 260 |
* permission and update. |
| 277 | 261 |
* |
| 278 |
* @param id |
|
| 262 |
* @param guid
|
|
| 279 | 263 |
* document id |
| 280 | 264 |
* @param principalName |
| 281 | 265 |
* principal credentials |
| ... | ... | |
| 286 | 270 |
* @param permOrder |
| 287 | 271 |
* permission order |
| 288 | 272 |
*/ |
| 289 |
public void addXMLAccess(String id, String principalName, Long permission, String permType, |
|
| 273 |
public void addXMLAccess(String guid, String principalName, Long permission, String permType,
|
|
| 290 | 274 |
String permOrder, String accessFileId, String subTreeId) throws AccessException, PermOrderException {
|
| 291 | 275 |
|
| 292 |
permOrderConflict(id, permOrder); |
|
| 276 |
permOrderConflict(guid, permOrder);
|
|
| 293 | 277 |
|
| 294 | 278 |
Vector<XMLAccessDAO> xmlAccessList = |
| 295 |
getXMLAccessForPrincipal(id, principalName, permType, permOrder); |
|
| 279 |
getXMLAccessForPrincipal(guid, principalName, permType, permOrder);
|
|
| 296 | 280 |
|
| 297 | 281 |
// if more than one record exists for this principal on this document with the same |
| 298 | 282 |
// access type / access order combination, call cleanup to combine common access and then |
| 299 | 283 |
// re-retrieve the access list. |
| 300 | 284 |
if (xmlAccessList.size() == 0) {
|
| 301 |
insertXMLAccess(id, principalName, permission, permType, permOrder, accessFileId, subTreeId); |
|
| 285 |
insertXMLAccess(guid, principalName, permission, permType, permOrder, accessFileId, subTreeId);
|
|
| 302 | 286 |
return; |
| 303 | 287 |
} |
| 304 | 288 |
|
| 305 | 289 |
if (xmlAccessList.size() > 1) {
|
| 306 | 290 |
cleanupXMLAccessForPrincipal(xmlAccessList); |
| 307 |
xmlAccessList = getXMLAccessForPrincipal(id, principalName, permType, permOrder); |
|
| 291 |
xmlAccessList = getXMLAccessForPrincipal(guid, principalName, permType, permOrder);
|
|
| 308 | 292 |
} |
| 309 | 293 |
|
| 310 | 294 |
if (xmlAccessList.size() == 0) {
|
| 311 | 295 |
throw new AccessException("XMLAccessAccess.addXMLAccess - xml access list is empty when " +
|
| 312 |
"it shouldn't be for id: " + id + ", prinicpal name: " + principalName + ", perm type " + |
|
| 296 |
"it shouldn't be for id: " + guid + ", prinicpal name: " + principalName + ", perm type " +
|
|
| 313 | 297 |
permType + ", perm order: " + permOrder); |
| 314 | 298 |
} |
| 315 | 299 |
|
| ... | ... | |
| 319 | 303 |
//trying to add, update the access record with the existing permission bitwis OR-ed with our |
| 320 | 304 |
// new permission |
| 321 | 305 |
if ((xmlAccessDAO.getPermission() & permission) != permission) {
|
| 322 |
updateXMLAccessPermission(id, principalName, xmlAccessDAO.getPermission() | permission); |
|
| 306 |
updateXMLAccessPermission(guid, principalName, xmlAccessDAO.getPermission() | permission);
|
|
| 323 | 307 |
} |
| 324 | 308 |
} |
| 325 | 309 |
|
| ... | ... | |
| 332 | 316 |
* @param xmlAccessList |
| 333 | 317 |
* list of xml access dao objects that hold new access for the document |
| 334 | 318 |
*/ |
| 335 |
public void replaceAccess(String id, List<XMLAccessDAO> xmlAccessList) throws AccessException {
|
|
| 336 |
deleteXMLAccessForDoc(id); |
|
| 319 |
public void replaceAccess(String guid, List<XMLAccessDAO> xmlAccessList) throws AccessException {
|
|
| 320 |
deleteXMLAccessForDoc(guid);
|
|
| 337 | 321 |
|
| 322 |
insertAccess(guid, xmlAccessList); |
|
| 323 |
} |
|
| 324 |
|
|
| 325 |
/** |
|
| 326 |
* Set permissions for a given document. This means first removing all access control for the |
|
| 327 |
* document and then adding the given rules. |
|
| 328 |
* |
|
| 329 |
* @param id |
|
| 330 |
* document id |
|
| 331 |
* @param xmlAccessList |
|
| 332 |
* list of xml access dao objects that hold new access for the document |
|
| 333 |
*/ |
|
| 334 |
public void insertAccess(String guid, List<XMLAccessDAO> xmlAccessList) throws AccessException {
|
|
| 335 |
|
|
| 338 | 336 |
// if more than one record exists for this principal on this document with the same |
| 339 | 337 |
// access type / access order combination, call cleanup to combine common access and then |
| 340 | 338 |
// re-retrieve the access list. |
| 341 | 339 |
for(XMLAccessDAO xmlAccessDAO : xmlAccessList) {
|
| 342 |
insertXMLAccess(id, xmlAccessDAO.getPrincipalName(), xmlAccessDAO.getPermission(), |
|
| 340 |
insertXMLAccess(guid, xmlAccessDAO.getPrincipalName(), xmlAccessDAO.getPermission(),
|
|
| 343 | 341 |
xmlAccessDAO.getPermType(), xmlAccessDAO.getPermOrder(), xmlAccessDAO.getAccessFileId(), xmlAccessDAO.getSubTreeId()); |
| 344 | 342 |
} |
| 345 | 343 |
} |
| ... | ... | |
| 360 | 358 |
* @param permOrder |
| 361 | 359 |
* permission order |
| 362 | 360 |
*/ |
| 363 |
private void insertXMLAccess(String id, String principalName, Long permission, String permType, |
|
| 361 |
private void insertXMLAccess(String guid, String principalName, Long permission, String permType,
|
|
| 364 | 362 |
String permOrder, String accessFileId, String subTreeId) throws AccessException {
|
| 365 | 363 |
//System.out.println("permission in insertXMLAccess: " + permission);
|
| 366 | 364 |
try |
| ... | ... | |
| 376 | 374 |
logMetacat.warn(e.getMessage()); |
| 377 | 375 |
} |
| 378 | 376 |
|
| 379 |
if (id == null) {
|
|
| 377 |
if (guid == null) {
|
|
| 380 | 378 |
throw new AccessException("XMLAccessAccess.insertXMLAccess - id is required when " +
|
| 381 | 379 |
"inserting XML access record"); |
| 382 | 380 |
} |
| ... | ... | |
| 405 | 403 |
serialNumber = conn.getCheckOutSerialNumber(); |
| 406 | 404 |
|
| 407 | 405 |
String sql = "INSERT INTO xml_access " + |
| 408 |
"(docid, guid, principal_name, permission, perm_type, perm_order, accessfileid, subtreeid ) " +
|
|
| 409 |
"VALUES (?,?,?,?,?,?,?,?)";
|
|
| 406 |
"(guid, principal_name, permission, perm_type, perm_order, accessfileid, subtreeid ) " + |
|
| 407 |
"VALUES (?,?,?,?,?,?,?)"; |
|
| 410 | 408 |
pstmt = conn.prepareStatement(sql); |
| 411 | 409 |
|
| 412 |
String guid = null; |
|
| 413 |
String docid = null; |
|
| 414 |
if (idAttribute.equals(GUID)) {
|
|
| 415 |
guid = id; |
|
| 416 |
try {
|
|
| 417 |
String localId = IdentifierManager.getInstance().getLocalId(id); |
|
| 418 |
// Parse the localId into scope and rev parts, strip off the rev |
|
| 419 |
AccessionNumber acc = new AccessionNumber(localId, "NOACTION"); |
|
| 420 |
docid = acc.getDocid(); |
|
| 421 |
} catch (McdbDocNotFoundException e) {
|
|
| 422 |
//ignore |
|
| 423 |
logMetacat.warn("No local id mapping found for guid: " + id);
|
|
| 424 |
} catch (NumberFormatException e) {
|
|
| 425 |
logMetacat.warn("LocalId could not be parsed for guid: " + id);
|
|
| 426 |
} catch (AccessionNumberException e) {
|
|
| 427 |
logMetacat.warn("LocalId could not be parsed for guid: " + id);
|
|
| 428 |
} |
|
| 429 |
} else {
|
|
| 430 |
int rev = DBUtil.getLatestRevisionInDocumentTable(id); |
|
| 431 |
try {
|
|
| 432 |
guid = IdentifierManager.getInstance().getGUID(id, rev); |
|
| 433 |
} catch (McdbDocNotFoundException e) {
|
|
| 434 |
//ignore |
|
| 435 |
logMetacat.warn("No guid mapping found for docid: " + id + "." + rev);
|
|
| 436 |
} |
|
| 437 |
docid = id; |
|
| 438 |
} |
|
| 439 | 410 |
|
| 440 | 411 |
// Bind the values to the query |
| 441 |
pstmt.setString(1, docid); |
|
| 442 |
pstmt.setString(2, guid); |
|
| 443 |
pstmt.setString(3, principalName); |
|
| 444 |
pstmt.setLong(4, permission); |
|
| 445 |
pstmt.setString(5, permType); |
|
| 446 |
pstmt.setString(6, permOrder); |
|
| 447 |
pstmt.setString(7, accessFileId); |
|
| 448 |
pstmt.setString(8, subTreeId); |
|
| 412 |
pstmt.setString(1, guid); |
|
| 413 |
pstmt.setString(2, principalName); |
|
| 414 |
pstmt.setLong(3, permission); |
|
| 415 |
pstmt.setString(4, permType); |
|
| 416 |
pstmt.setString(5, permOrder); |
|
| 417 |
pstmt.setString(6, accessFileId); |
|
| 418 |
pstmt.setString(7, subTreeId); |
|
| 449 | 419 |
|
| 450 | 420 |
String sqlReport = "XMLAccessAccess.insertXMLAccess - SQL: " + sql; |
| 451 |
sqlReport += " [" + docid + "," + guid + "," + principalName + "," + permission + "," + permType + "," + permOrder + "]";
|
|
| 421 |
sqlReport += " [" + guid + "," + principalName + "," + permission + "," + permType + "," + permOrder + "]"; |
|
| 452 | 422 |
|
| 453 | 423 |
logMetacat.info(sqlReport); |
| 454 | 424 |
|
| 455 | 425 |
pstmt.execute(); |
| 456 | 426 |
} catch (SQLException sqle) {
|
| 457 | 427 |
throw new AccessException("XMLAccessAccess.insertXMLAccess - SQL error when inserting"
|
| 458 |
+ "xml access permissions for id: " + id + ", principal: " + |
|
| 428 |
+ "xml access permissions for id: " + guid + ", principal: " +
|
|
| 459 | 429 |
principalName + ":" + sqle.getMessage()); |
| 460 | 430 |
} finally {
|
| 461 | 431 |
closeDBObjects(pstmt, conn, serialNumber, logMetacat); |
| ... | ... | |
| 466 | 436 |
* Update existing xml access permissions in the db. The permission value should be the combined |
| 467 | 437 |
* value of pre-existing permissions plus new permissions. |
| 468 | 438 |
* |
| 469 |
* @param id |
|
| 439 |
* @param guid
|
|
| 470 | 440 |
* document id |
| 471 | 441 |
* @param principalName |
| 472 | 442 |
* principal credentials |
| 473 | 443 |
* @param permission |
| 474 | 444 |
* permission bitmap |
| 475 | 445 |
*/ |
| 476 |
private void updateXMLAccessPermission(String id, String principalName, Long permission) |
|
| 446 |
private void updateXMLAccessPermission(String guid, String principalName, Long permission)
|
|
| 477 | 447 |
throws AccessException {
|
| 478 |
if (id == null) {
|
|
| 448 |
if (guid == null) {
|
|
| 479 | 449 |
throw new AccessException("XMLAccessAccess.updateXMLAccessPermission - id is required when " +
|
| 480 | 450 |
"updating XML access record"); |
| 481 | 451 |
} |
| ... | ... | |
| 497 | 467 |
serialNumber = conn.getCheckOutSerialNumber(); |
| 498 | 468 |
|
| 499 | 469 |
String sql = "UPDATE xml_access SET permission = ?" + |
| 500 |
"WHERE " + idAttribute + " = ? AND principal_name = ?";
|
|
| 470 |
"WHERE guid = ? AND principal_name = ?";
|
|
| 501 | 471 |
pstmt = conn.prepareStatement(sql); |
| 502 | 472 |
|
| 503 | 473 |
// Bind the values to the query |
| 504 | 474 |
pstmt.setLong(1, permission); |
| 505 |
pstmt.setString(2, id); |
|
| 475 |
pstmt.setString(2, guid);
|
|
| 506 | 476 |
pstmt.setString(3, principalName); |
| 507 | 477 |
|
| 508 | 478 |
String sqlReport = "XMLAccessAccess.updateXMLAccessPermission - SQL: " + sql; |
| 509 |
sqlReport += " [" + permission + "," + id + "," + principalName + "]"; |
|
| 479 |
sqlReport += " [" + permission + "," + guid + "," + principalName + "]";
|
|
| 510 | 480 |
|
| 511 | 481 |
logMetacat.info(sqlReport); |
| 512 | 482 |
|
| 513 | 483 |
pstmt.execute(); |
| 514 | 484 |
} catch (SQLException sqle) {
|
| 515 | 485 |
throw new AccessException("XMLAccessAccess.updateXMLAccessPermission - SQL error when updating"
|
| 516 |
+ "xml access permissions for id: " + id + ", principal: " + |
|
| 486 |
+ "xml access permissions for id: " + guid + ", principal: " +
|
|
| 517 | 487 |
principalName + ":" + sqle.getMessage()); |
| 518 | 488 |
} finally {
|
| 519 | 489 |
closeDBObjects(pstmt, conn, serialNumber, logMetacat); |
| ... | ... | |
| 526 | 496 |
* for a given document. If the provided permission is exactly the same as what |
| 527 | 497 |
* the principal has, the record is deleted from the database. |
| 528 | 498 |
* |
| 529 |
* @param id |
|
| 499 |
* @param guid
|
|
| 530 | 500 |
* document id |
| 531 | 501 |
* @param principalName |
| 532 | 502 |
* principal credentials |
| 533 | 503 |
*/ |
| 534 |
public void removeXMLAccessForPrincipal(String id, String principalName, Long permission) throws AccessException {
|
|
| 535 |
if (id == null) {
|
|
| 504 |
public void removeXMLAccessForPrincipal(String guid, String principalName, Long permission) throws AccessException {
|
|
| 505 |
if (guid == null) {
|
|
| 536 | 506 |
throw new AccessException("XMLAccessAccess.removeXMLAccessForPrincipal - id is required when " +
|
| 537 | 507 |
"removing XML access"); |
| 538 | 508 |
} |
| ... | ... | |
| 545 | 515 |
"updating XML access"); |
| 546 | 516 |
} |
| 547 | 517 |
|
| 548 |
Vector<XMLAccessDAO> xmlAccessList = getXMLAccessForPrincipal(id, principalName); |
|
| 518 |
Vector<XMLAccessDAO> xmlAccessList = getXMLAccessForPrincipal(guid, principalName);
|
|
| 549 | 519 |
if (xmlAccessList.size() == 0) {
|
| 550 | 520 |
logMetacat.warn("XMLAccessAccess.removeXMLAccessForPrincipal - attempting to remove access when no " +
|
| 551 |
"access record exists for id: " + id + ", principal: " + principalName); |
|
| 521 |
"access record exists for id: " + guid + ", principal: " + principalName);
|
|
| 552 | 522 |
} else {
|
| 553 | 523 |
long permissionMask = 0; |
| 554 | 524 |
for (XMLAccessDAO xmlAccessDAO : xmlAccessList) {
|
| ... | ... | |
| 559 | 529 |
// in this case, the only existing permissions are the ones we want to remove, so |
| 560 | 530 |
// delete the record(s) for this principal on this document |
| 561 | 531 |
if ((permissionMask & permission) == permission) {
|
| 562 |
deleteXMLAccessForPrincipal(id, principalName); |
|
| 532 |
deleteXMLAccessForPrincipal(guid, principalName);
|
|
| 563 | 533 |
} |
| 564 | 534 |
|
| 565 | 535 |
if (xmlAccessList.size() > 1) {
|
| 566 | 536 |
|
| 567 | 537 |
} else {
|
| 568 |
updateXMLAccessPermission(id, principalName, permission); |
|
| 538 |
updateXMLAccessPermission(guid, principalName, permission);
|
|
| 569 | 539 |
} |
| 570 | 540 |
} |
| 571 | 541 |
|
| ... | ... | |
| 577 | 547 |
* @param id |
| 578 | 548 |
* document id |
| 579 | 549 |
*/ |
| 580 |
public void deleteXMLAccessForDoc(String id) throws AccessException {
|
|
| 581 |
if (id == null) {
|
|
| 550 |
public void deleteXMLAccessForDoc(String guid) throws AccessException {
|
|
| 551 |
if (guid == null) {
|
|
| 582 | 552 |
throw new AccessException("XMLAccessAccess.deleteXMLAccessForPrincipal - id is required when " +
|
| 583 | 553 |
"deleting XML access record"); |
| 584 | 554 |
} |
| ... | ... | |
| 588 | 558 |
int serialNumber = -1; |
| 589 | 559 |
try {
|
| 590 | 560 |
|
| 591 |
String guid = null; |
|
| 592 |
String docid = null; |
|
| 593 |
if (idAttribute.equals(GUID)) {
|
|
| 594 |
guid = id; |
|
| 595 |
try {
|
|
| 596 |
String localId = IdentifierManager.getInstance().getLocalId(id); |
|
| 597 |
// Parse the localId into scope and rev parts, strip off the rev |
|
| 598 |
AccessionNumber acc = new AccessionNumber(localId, "NOACTION"); |
|
| 599 |
docid = acc.getDocid(); |
|
| 600 |
} catch (McdbDocNotFoundException e) {
|
|
| 601 |
//ignore |
|
| 602 |
logMetacat.warn("No local id mapping found for guid: " + id);
|
|
| 603 |
} catch (NumberFormatException e) {
|
|
| 604 |
logMetacat.warn("LocalId could not be parsed for guid: " + id);
|
|
| 605 |
} catch (AccessionNumberException e) {
|
|
| 606 |
logMetacat.warn("LocalId could not be parsed for guid: " + id);
|
|
| 607 |
} |
|
| 608 |
} else {
|
|
| 609 |
int rev = DBUtil.getLatestRevisionInDocumentTable(id); |
|
| 610 |
try {
|
|
| 611 |
guid = IdentifierManager.getInstance().getGUID(id, rev); |
|
| 612 |
} catch (McdbDocNotFoundException e) {
|
|
| 613 |
//ignore |
|
| 614 |
logMetacat.warn("No guid mapping found for docid: " + id + "." + rev);
|
|
| 615 |
} |
|
| 616 |
docid = id; |
|
| 617 |
} |
|
| 618 |
|
|
| 619 | 561 |
// check out DBConnection |
| 620 | 562 |
conn = DBConnectionPool.getDBConnection("XMLAccessAccess.deleteXMLAccessForDoc");
|
| 621 | 563 |
serialNumber = conn.getCheckOutSerialNumber(); |
| 622 | 564 |
|
| 623 |
String sql = "DELETE FROM xml_access WHERE docid = ? OR guid = ?";
|
|
| 565 |
String sql = "DELETE FROM xml_access WHERE guid = ?"; |
|
| 624 | 566 |
pstmt = conn.prepareStatement(sql); |
| 625 | 567 |
|
| 626 | 568 |
// Bind the values to the query |
| 627 |
pstmt.setString(1, docid); |
|
| 628 |
pstmt.setString(2, guid); |
|
| 569 |
pstmt.setString(1, guid); |
|
| 629 | 570 |
|
| 630 |
|
|
| 631 | 571 |
String sqlReport = "XMLAccessAccess.deleteXMLAccessForDoc - SQL: " + sql; |
| 632 |
sqlReport += " [" + id + "]"; |
|
| 572 |
sqlReport += " [" + guid + "]";
|
|
| 633 | 573 |
|
| 634 | 574 |
logMetacat.info(sqlReport); |
| 635 | 575 |
|
| 636 | 576 |
pstmt.execute(); |
| 637 | 577 |
} catch (SQLException sqle) {
|
| 638 | 578 |
throw new AccessException("XMLAccessAccess.deleteXMLAccessForDoc - SQL error when deleting"
|
| 639 |
+ "xml access permissions for id: " + id + ":" + sqle.getMessage()); |
|
| 579 |
+ "xml access permissions for id: " + guid + ":" + sqle.getMessage());
|
|
| 640 | 580 |
} finally {
|
| 641 | 581 |
closeDBObjects(pstmt, conn, serialNumber, logMetacat); |
| 642 | 582 |
} |
| ... | ... | |
| 646 | 586 |
* Delete xml access. This removes all access records from the database for a principal |
| 647 | 587 |
* for a given document |
| 648 | 588 |
* |
| 649 |
* @param id |
|
| 589 |
* @param guid
|
|
| 650 | 590 |
* document id |
| 651 | 591 |
* @param principal |
| 652 | 592 |
* principal credentials |
| 653 | 593 |
*/ |
| 654 |
private void deleteXMLAccessForPrincipal(String id, String principalName) throws AccessException {
|
|
| 655 |
if (id == null) {
|
|
| 594 |
private void deleteXMLAccessForPrincipal(String guid, String principalName) throws AccessException {
|
|
| 595 |
if (guid == null) {
|
|
| 656 | 596 |
throw new AccessException("XMLAccessAccess.deleteXMLAccessForPrincipal - id is required when " +
|
| 657 | 597 |
"deleting XML access record"); |
| 658 | 598 |
} |
| ... | ... | |
| 669 | 609 |
conn = DBConnectionPool.getDBConnection("XMLAccessAccess.deleteXMLAccessForPrincipal");
|
| 670 | 610 |
serialNumber = conn.getCheckOutSerialNumber(); |
| 671 | 611 |
|
| 672 |
String sql = "DELETE FROM xml_access WHERE " + idAttribute + " = ? AND principal_name = ?";
|
|
| 612 |
String sql = "DELETE FROM xml_access WHERE guid = ? AND principal_name = ?";
|
|
| 673 | 613 |
pstmt = conn.prepareStatement(sql); |
| 674 | 614 |
|
| 675 | 615 |
// Bind the values to the query |
| 676 |
pstmt.setString(1, id); |
|
| 616 |
pstmt.setString(1, guid);
|
|
| 677 | 617 |
pstmt.setString(2, principalName); |
| 678 | 618 |
|
| 679 | 619 |
String sqlReport = "XMLAccessAccess.deleteXMLAccessForPrincipal - SQL: " + sql; |
| 680 |
sqlReport += " [" + id + "," + principalName + "]"; |
|
| 620 |
sqlReport += " [" + guid + "," + principalName + "]";
|
|
| 681 | 621 |
|
| 682 | 622 |
logMetacat.info(sqlReport); |
| 683 | 623 |
|
| 684 | 624 |
pstmt.execute(); |
| 685 | 625 |
} catch (SQLException sqle) {
|
| 686 | 626 |
throw new AccessException("XMLAccessAccess.deleteXMLAccessForPrincipal - SQL error when deleting"
|
| 687 |
+ "xml access permissions for id: " + id + ", principal: " + |
|
| 627 |
+ "xml access permissions for id: " + guid + ", principal: " +
|
|
| 688 | 628 |
principalName + ":" + sqle.getMessage()); |
| 689 | 629 |
} finally {
|
| 690 | 630 |
closeDBObjects(pstmt, conn, serialNumber, logMetacat); |
| ... | ... | |
| 692 | 632 |
} |
| 693 | 633 |
|
| 694 | 634 |
/** |
| 635 |
* Delete xml access. This removes all access records from the database for a principal |
|
| 636 |
* for a given document |
|
| 637 |
* |
|
| 638 |
* @param guid |
|
| 639 |
* document id |
|
| 640 |
* @param principal |
|
| 641 |
* principal credentials |
|
| 642 |
*/ |
|
| 643 |
public void deleteXMLAccessForDoc(String guid, String permType) throws AccessException {
|
|
| 644 |
if (guid == null) {
|
|
| 645 |
throw new AccessException("XMLAccessAccess.deleteXMLAccessForDoc - id is required when " +
|
|
| 646 |
"deleting XML access record"); |
|
| 647 |
} |
|
| 648 |
if (permType == null) {
|
|
| 649 |
throw new AccessException("XMLAccessAccess.deleteXMLAccessForDoc - permType is required when " +
|
|
| 650 |
"deleting XML access record"); |
|
| 651 |
} |
|
| 652 |
|
|
| 653 |
PreparedStatement pstmt = null; |
|
| 654 |
DBConnection conn = null; |
|
| 655 |
int serialNumber = -1; |
|
| 656 |
try {
|
|
| 657 |
// check out DBConnection |
|
| 658 |
conn = DBConnectionPool.getDBConnection("XMLAccessAccess.deleteXMLAccessForDoc");
|
|
| 659 |
serialNumber = conn.getCheckOutSerialNumber(); |
|
| 660 |
|
|
| 661 |
String sql = "DELETE FROM xml_access WHERE guid = ? AND perm_type = ?"; |
|
| 662 |
pstmt = conn.prepareStatement(sql); |
|
| 663 |
|
|
| 664 |
// Bind the values to the query |
|
| 665 |
pstmt.setString(1, guid); |
|
| 666 |
pstmt.setString(2, permType); |
|
| 667 |
|
|
| 668 |
String sqlReport = "XMLAccessAccess.deleteXMLAccessForDoc - SQL: " + sql; |
|
| 669 |
sqlReport += " [" + guid + "," + permType + "]"; |
|
| 670 |
|
|
| 671 |
logMetacat.info(sqlReport); |
|
| 672 |
|
|
| 673 |
pstmt.execute(); |
|
| 674 |
} catch (SQLException sqle) {
|
|
| 675 |
throw new AccessException("XMLAccessAccess.deleteXMLAccessForDoc - SQL error when deleting"
|
|
| 676 |
+ "xml access permissions for id: " + guid + ", permType: " + |
|
| 677 |
permType + ":" + sqle.getMessage()); |
|
| 678 |
} finally {
|
|
| 679 |
closeDBObjects(pstmt, conn, serialNumber, logMetacat); |
|
| 680 |
} |
|
| 681 |
} |
|
| 682 |
|
|
| 683 |
/** |
|
| 695 | 684 |
* Checks to see if there is a permission order conflict for a given document. Each |
| 696 | 685 |
* document is only allowed to have a single permission order |
| 697 | 686 |
* |
| 698 |
* @param id |
|
| 687 |
* @param guid
|
|
| 699 | 688 |
* document id |
| 700 | 689 |
* @param principal |
| 701 | 690 |
* principal credentials |
| 702 | 691 |
*/ |
| 703 |
private void permOrderConflict(String id, String permOrder) throws AccessException, PermOrderException {
|
|
| 704 |
if (id == null) {
|
|
| 692 |
private void permOrderConflict(String guid, String permOrder) throws AccessException, PermOrderException {
|
|
| 693 |
if (guid == null) {
|
|
| 705 | 694 |
throw new AccessException("XMLAccessAccess.permOrderConflict - id is required when " +
|
| 706 | 695 |
"determining perm order conflict"); |
| 707 | 696 |
} |
| ... | ... | |
| 718 | 707 |
conn = DBConnectionPool.getDBConnection("XMLAccessAccess.permOrderConflict");
|
| 719 | 708 |
serialNumber = conn.getCheckOutSerialNumber(); |
| 720 | 709 |
|
| 721 |
String sql = "SELECT * FROM xml_access WHERE " + idAttribute + " = ? AND perm_order != ?";
|
|
| 710 |
String sql = "SELECT * FROM xml_access WHERE guid = ? AND perm_order != ?";
|
|
| 722 | 711 |
pstmt = conn.prepareStatement(sql); |
| 723 | 712 |
|
| 724 | 713 |
// Bind the values to the query |
| 725 |
pstmt.setString(1, id); |
|
| 714 |
pstmt.setString(1, guid);
|
|
| 726 | 715 |
pstmt.setString(2, permOrder); |
| 727 | 716 |
|
| 728 | 717 |
String sqlReport = "XMLAccessAccess.permOrderConflict - SQL: " + sql; |
| 729 |
sqlReport += " [" + id + "," + permOrder + "]"; |
|
| 718 |
sqlReport += " [" + guid + "," + permOrder + "]";
|
|
| 730 | 719 |
|
| 731 | 720 |
logMetacat.info(sqlReport); |
| 732 | 721 |
|
| ... | ... | |
| 735 | 724 |
ResultSet resultSet = pstmt.getResultSet(); |
| 736 | 725 |
if (resultSet.next()) {
|
| 737 | 726 |
throw new PermOrderException("XMLAccessAccess.addXMLAccess - cannot add permission " +
|
| 738 |
"record for id: " + id + "with permOrder: " + permOrder + " due to permOrder conflict"); |
|
| 727 |
"record for id: " + guid + "with permOrder: " + permOrder + " due to permOrder conflict");
|
|
| 739 | 728 |
} |
| 740 | 729 |
} catch (SQLException sqle) {
|
| 741 | 730 |
throw new AccessException("XMLAccessAccess.permOrderConflict - SQL error when checking"
|
| 742 |
+ "for perm order conflict on: " + id + ":" + sqle.getMessage()); |
|
| 731 |
+ "for perm order conflict on: " + guid + ":" + sqle.getMessage());
|
|
| 743 | 732 |
} finally {
|
| 744 | 733 |
closeDBObjects(pstmt, conn, serialNumber, logMetacat); |
| 745 | 734 |
} |
| ... | ... | |
| 750 | 739 |
* Delete xml access. This removes all access records from the database for a principal |
| 751 | 740 |
* for a given document, perm type and perm order |
| 752 | 741 |
* |
| 753 |
* @param id |
|
| 742 |
* @param guid
|
|
| 754 | 743 |
* document id |
| 755 | 744 |
* @param principal |
| 756 | 745 |
* principal credentials |
| 757 | 746 |
*/ |
| 758 |
private void deleteXMLAccessForPrincipal(String id, String principalName, String permType, String permOrder) throws AccessException {
|
|
| 759 |
if (id == null) {
|
|
| 747 |
private void deleteXMLAccessForPrincipal(String guid, String principalName, String permType, String permOrder) throws AccessException {
|
|
| 748 |
if (guid == null) {
|
|
| 760 | 749 |
throw new AccessException("XMLAccessAccess.deleteXMLAccessForPrincipal - id is required when " +
|
| 761 | 750 |
"deleting XML access record"); |
| 762 | 751 |
} |
| ... | ... | |
| 783 | 772 |
conn = DBConnectionPool.getDBConnection("XMLAccessAccess.deleteXMLAccessForPrincipal");
|
| 784 | 773 |
serialNumber = conn.getCheckOutSerialNumber(); |
| 785 | 774 |
|
| 786 |
String sql = "DELETE FROM xml_access WHERE " + idAttribute + " = ? AND principal_name = ? " +
|
|
| 775 |
String sql = "DELETE FROM xml_access WHERE guid = ? AND principal_name = ? " +
|
|
| 787 | 776 |
"AND perm_type = ? AND perm_order = ?"; |
| 788 | 777 |
pstmt = conn.prepareStatement(sql); |
| 789 | 778 |
|
| 790 | 779 |
// Bind the values to the query |
| 791 |
pstmt.setString(1, id); |
|
| 780 |
pstmt.setString(1, guid);
|
|
| 792 | 781 |
pstmt.setString(2, principalName); |
| 793 | 782 |
pstmt.setString(3, permType); |
| 794 | 783 |
pstmt.setString(4, permOrder); |
| 795 | 784 |
|
| 796 | 785 |
String sqlReport = "XMLAccessAccess.deleteXMLAccessForPrincipal - SQL: " + sql; |
| 797 |
sqlReport += " [" + id + "," + principalName + "," + permType + "," + permOrder + "]"; |
|
| 786 |
sqlReport += " [" + guid + "," + principalName + "," + permType + "," + permOrder + "]";
|
|
| 798 | 787 |
|
| 799 | 788 |
logMetacat.info(sqlReport); |
| 800 | 789 |
|
| 801 | 790 |
pstmt.execute(); |
| 802 | 791 |
} catch (SQLException sqle) {
|
| 803 | 792 |
throw new AccessException("XMLAccessAccess.deleteXMLAccessForPrincipal - SQL error when deleting"
|
| 804 |
+ "xml access permissions for id: " + id + ", principal: " + |
|
| 793 |
+ "xml access permissions for id: " + guid + ", principal: " +
|
|
| 805 | 794 |
principalName + ":" + sqle.getMessage()); |
| 806 | 795 |
} finally {
|
| 807 | 796 |
closeDBObjects(pstmt, conn, serialNumber, logMetacat); |
| ... | ... | |
| 822 | 811 |
int numDenyRecords = 0; |
| 823 | 812 |
long allowPermissionMask = 0; |
| 824 | 813 |
long denyPermissionMask = 0; |
| 825 |
String id = null; |
|
| 814 |
String guid = null;
|
|
| 826 | 815 |
String principalName = null; |
| 827 | 816 |
String permType = null; |
| 828 | 817 |
String permOrder = null; |
| ... | ... | |
| 834 | 823 |
// iterate through the list of access dao objects and bttwise or the permissions. Most |
| 835 | 824 |
// of this is just doing some error checking to make sure each record is valid. |
| 836 | 825 |
for (XMLAccessDAO xmlAccessDAO : xmlAccessList) {
|
| 837 |
String daoId = xmlAccessDAO.getDocId(); |
|
| 838 |
if (idAttribute.equals(GUID)) {
|
|
| 839 |
daoId = xmlAccessDAO.getGuid(); |
|
| 840 |
} |
|
| 841 |
if (id == null) {
|
|
| 842 |
id = daoId; |
|
| 826 |
String daoId = xmlAccessDAO.getGuid(); |
|
| 827 |
if (guid == null) {
|
|
| 828 |
guid = daoId; |
|
| 843 | 829 |
} else {
|
| 844 |
if (!id.equals(daoId)) {
|
|
| 830 |
if (!guid.equals(daoId)) {
|
|
| 845 | 831 |
throw new AccessException("XMLAccessAccess.cleanupXMLAccessForPrincipal - " +
|
| 846 |
" Conflicting ids " + daoId + " and " + id); |
|
| 832 |
" Conflicting ids " + daoId + " and " + guid);
|
|
| 847 | 833 |
} |
| 848 | 834 |
} |
| 849 | 835 |
if (principalName == null) {
|
| ... | ... | |
| 900 | 886 |
// if there was more than one allow record, remove all allow records for this user on this doc |
| 901 | 887 |
// with this perm type and perm order then insert a single record |
| 902 | 888 |
if (numAllowRecords > 1) {
|
| 903 |
deleteXMLAccessForPrincipal(id, principalName, AccessControlInterface.ALLOW, permOrder); |
|
| 904 |
insertXMLAccess(id, principalName, allowPermissionMask, AccessControlInterface.ALLOW, permOrder, accessFileId, subTreeId); |
|
| 889 |
deleteXMLAccessForPrincipal(guid, principalName, AccessControlInterface.ALLOW, permOrder);
|
|
| 890 |
insertXMLAccess(guid, principalName, allowPermissionMask, AccessControlInterface.ALLOW, permOrder, accessFileId, subTreeId);
|
|
| 905 | 891 |
} |
| 906 | 892 |
// if there was more than one deny record, remove all deny records for this user on this doc |
| 907 | 893 |
// with this perm type and perm order then insert a single record |
| 908 | 894 |
if (numDenyRecords > 1) {
|
| 909 |
deleteXMLAccessForPrincipal(id, principalName, AccessControlInterface.DENY, permOrder); |
|
| 910 |
insertXMLAccess(id, principalName, denyPermissionMask, AccessControlInterface.DENY, permOrder, accessFileId, subTreeId); |
|
| 895 |
deleteXMLAccessForPrincipal(guid, principalName, AccessControlInterface.DENY, permOrder);
|
|
| 896 |
insertXMLAccess(guid, principalName, denyPermissionMask, AccessControlInterface.DENY, permOrder, accessFileId, subTreeId);
|
|
| 911 | 897 |
} |
| 912 | 898 |
} |
| 913 | 899 |
|
| ... | ... | |
| 921 | 907 |
private void validateDocXMLAccessList(Vector<XMLAccessDAO> xmlAccessList) throws PermOrderException {
|
| 922 | 908 |
String permOrder = null; |
| 923 | 909 |
for(XMLAccessDAO xmlAccessDAO : xmlAccessList) {
|
| 924 |
String daoId = xmlAccessDAO.getDocId(); |
|
| 925 |
if (idAttribute.equals(GUID)) {
|
|
| 926 |
daoId = xmlAccessDAO.getGuid(); |
|
| 927 |
} |
|
| 910 |
String daoId = xmlAccessDAO.getGuid(); |
|
| 928 | 911 |
if (permOrder == null) {
|
| 929 | 912 |
permOrder = xmlAccessDAO.getPermOrder(); |
| 930 | 913 |
} else {
|
| ... | ... | |
| 949 | 932 |
|
| 950 | 933 |
boolean allowFirst = false; |
| 951 | 934 |
boolean denyFirst = false; |
| 952 |
String id = null; |
|
| 935 |
String guid = null;
|
|
| 953 | 936 |
|
| 954 | 937 |
// These vectors will hold all combinations of access DAOs with different permission |
| 955 | 938 |
// orders and permission types. |
| ... | ... | |
| 960 | 943 |
|
| 961 | 944 |
// sort the access dao records into the appropriate vector |
| 962 | 945 |
for(XMLAccessDAO xmlAccessDAO : xmlAccessList) {
|
| 963 |
String daoId = xmlAccessDAO.getDocId();
|
|
| 964 |
if (idAttribute.equals(GUID)) {
|
|
| 965 |
daoId = xmlAccessDAO.getGuid();
|
|
| 946 |
String daoId = xmlAccessDAO.getGuid();
|
|
| 947 |
if (guid == null) {
|
|
| 948 |
guid = daoId;
|
|
| 966 | 949 |
} |
| 967 |
if (id == null) {
|
|
| 968 |
id = daoId; |
|
| 969 |
} |
|
| 970 | 950 |
if (xmlAccessDAO.getPermOrder().equals(AccessControlInterface.ALLOWFIRST)) {
|
| 971 | 951 |
allowFirst = true; |
| 972 | 952 |
if (xmlAccessDAO.getPermType().equals(AccessControlInterface.ALLOW)) {
|
| ... | ... | |
| 1000 | 980 |
// document |
| 1001 | 981 |
if(allowFirst && denyFirst) {
|
| 1002 | 982 |
throw new PermOrderException("XMLAccessAccess.validatePrincipalXMLAccessList - " +
|
| 1003 |
" Conflicting permission orders for document " + id + |
|
| 983 |
" Conflicting permission orders for document " + guid +
|
|
| 1004 | 984 |
". Database intervention required "); |
| 1005 | 985 |
} |
| 1006 | 986 |
} |
| ... | ... | |
| 1015 | 995 |
protected XMLAccessDAO populateDAO(ResultSet resultSet) throws SQLException {
|
| 1016 | 996 |
|
| 1017 | 997 |
XMLAccessDAO xmlAccessDAO = new XMLAccessDAO(); |
| 1018 |
xmlAccessDAO.setDocId(resultSet.getString(idAttribute));
|
|
| 998 |
xmlAccessDAO.setGuid(resultSet.getString("guid"));
|
|
| 1019 | 999 |
xmlAccessDAO.setAccessFileId(resultSet.getString("accessfileid"));
|
| 1020 | 1000 |
xmlAccessDAO.setPrincipalName(resultSet.getString("principal_name"));
|
| 1021 | 1001 |
xmlAccessDAO.setPermission(resultSet.getLong("permission"));
|
| src/edu/ucsb/nceas/metacat/accesscontrol/XMLAccessDAO.java | ||
|---|---|---|
| 39 | 39 |
*/ |
| 40 | 40 |
public class XMLAccessDAO extends BaseDAO {
|
| 41 | 41 |
|
| 42 |
private String _docId = null; |
|
| 43 | 42 |
private String _guid = null; |
| 44 | 43 |
private String _accessFileId = null; |
| 45 | 44 |
private String _principalName = null; |
| ... | ... | |
| 52 | 51 |
private String _subTreeId = null; |
| 53 | 52 |
private String _startNodeId = null; |
| 54 | 53 |
private String _endNodeId = null; |
| 55 |
|
|
| 56 |
public String getDocId() {
|
|
| 57 |
return _docId; |
|
| 58 |
} |
|
| 59 | 54 |
|
| 60 |
public void setDocId(String docId) {
|
|
| 61 |
if (docId != null && docId.equals("")) {
|
|
| 62 |
docId = null; |
|
| 63 |
} else {
|
|
| 64 |
_docId = docId; |
|
| 65 |
} |
|
| 66 |
} |
|
| 67 |
|
|
| 68 | 55 |
public String getGuid() {
|
| 69 | 56 |
return _guid; |
| 70 | 57 |
} |
| src/edu/ucsb/nceas/metacat/accesscontrol/AccessControlForSingleFile.java | ||
|---|---|---|
| 42 | 42 |
import org.xml.sax.XMLReader; |
| 43 | 43 |
import org.xml.sax.helpers.XMLReaderFactory; |
| 44 | 44 |
|
| 45 |
import edu.ucsb.nceas.metacat.DBUtil; |
|
| 45 | 46 |
import edu.ucsb.nceas.metacat.DocInfoHandler; |
| 47 |
import edu.ucsb.nceas.metacat.IdentifierManager; |
|
| 48 |
import edu.ucsb.nceas.metacat.McdbDocNotFoundException; |
|
| 46 | 49 |
import edu.ucsb.nceas.metacat.McdbException; |
| 47 | 50 |
import edu.ucsb.nceas.metacat.PermissionController; |
| 48 | 51 |
import edu.ucsb.nceas.metacat.database.DBConnection; |
| ... | ... | |
| 61 | 64 |
public class AccessControlForSingleFile implements AccessControlInterface |
| 62 | 65 |
{
|
| 63 | 66 |
|
| 64 |
private String _docId; |
|
| 67 |
private String _guid; |
|
| 68 |
|
|
| 65 | 69 |
private Logger logMetacat = Logger.getLogger(AccessControlForSingleFile.class); |
| 66 |
|
|
| 67 | 70 |
|
| 68 | 71 |
/** |
| 69 | 72 |
* Construct an instance of the AccessControlForSingleFile class. This |
| ... | ... | |
| 75 | 78 |
public AccessControlForSingleFile(String accessionNumber) |
| 76 | 79 |
throws AccessControlException {
|
| 77 | 80 |
|
| 78 |
// Get rid of dev if myaccessNumber has one; |
|
| 79 |
_docId = DocumentUtil.getDocIdFromString(accessionNumber); |
|
| 80 |
if (_docId == null || _docId.equals("")) {
|
|
| 81 |
throw new AccessControlException("AccessControlForSingleFile() - Accession number "
|
|
| 82 |
+ "can't be null in constructor"); |
|
| 81 |
// this is a local metacat id |
|
| 82 |
String docid = DocumentUtil.getDocIdFromString(accessionNumber); |
|
| 83 |
// get the revision |
|
| 84 |
String revision = DocumentUtil.getRevisionStringFromString(accessionNumber); |
|
| 85 |
int rev = -1; |
|
| 86 |
if (revision != null) {
|
|
| 87 |
// we were given it |
|
| 88 |
rev = Integer.valueOf(revision); |
|
| 89 |
} else {
|
|
| 90 |
// look up the latest |
|
| 91 |
try {
|
|
| 92 |
rev = DBUtil.getLatestRevisionInDocumentTable(docid); |
|
| 93 |
} catch (SQLException e) {
|
|
| 94 |
AccessControlException ace = new AccessControlException(e.getMessage()); |
|
| 95 |
ace.initCause(e); |
|
| 96 |
throw ace; |
|
| 97 |
} |
|
| 98 |
if (rev <= 0) {
|
|
| 99 |
// look in the revisions table |
|
| 100 |
try {
|
|
| 101 |
rev = DBUtil.getMaxRevFromRevisionTable(docid); |
|
| 102 |
} catch (SQLException e) {
|
|
| 103 |
AccessControlException ace = new AccessControlException(e.getMessage()); |
|
| 104 |
ace.initCause(e); |
|
| 105 |
throw ace; |
|
| 106 |
} |
|
| 107 |
} |
|
| 83 | 108 |
} |
| 109 |
|
|
| 110 |
// find the guid for this docid.rev |
|
| 111 |
try {
|
|
| 112 |
_guid = IdentifierManager.getInstance().getGUID(docid, rev); |
|
| 113 |
} catch (McdbDocNotFoundException e) {
|
|
| 114 |
AccessControlException ace = new AccessControlException(e.getMessage()); |
|
| 115 |
ace.initCause(e); |
|
| 116 |
throw ace; |
|
| 117 |
} |
|
| 118 |
|
|
| 119 |
// couldn't find it? |
|
| 120 |
if (_guid == null || _guid.equals("")) {
|
|
| 121 |
throw new AccessControlException("Guid cannot be null");
|
|
| 122 |
} |
|
| 84 | 123 |
|
| 85 |
logMetacat.debug("AccessControlForSingleFile() - docid: " + _docId);
|
|
| 124 |
logMetacat.debug("AccessControlForSingleFile() - docid: " + _guid);
|
|
| 86 | 125 |
} |
| 87 | 126 |
|
| 88 | 127 |
/** |
| ... | ... | |
| 118 | 157 |
// doc id. |
| 119 | 158 |
XMLAccessAccess xmlAccessAccess = new XMLAccessAccess(); |
| 120 | 159 |
//System.out.println("permission in accessControlForSingleFile.insertPermissions: " + permission);
|
| 121 |
xmlAccessAccess.addXMLAccess(_docId, principalName, new Long(permission), permType, permOrder, accessFileId, subTreeId);
|
|
| 160 |
xmlAccessAccess.addXMLAccess(_guid, principalName, new Long(permission), permType, permOrder, accessFileId, subTreeId);
|
|
| 122 | 161 |
} catch (AccessException ae) {
|
| 123 | 162 |
throw new AccessControlException("AccessControlForSingleFile.insertPermissions - "
|
| 124 | 163 |
+ "DB access error when inserting permissions: " + ae.getMessage()); |
| ... | ... | |
| 137 | 176 |
try {
|
| 138 | 177 |
// use DocInfoHandler to parse the access section into DAO objects |
| 139 | 178 |
XMLReader parser = null; |
| 140 |
DocInfoHandler docInfoHandler = new DocInfoHandler(_docId);
|
|
| 179 |
DocInfoHandler docInfoHandler = new DocInfoHandler(_guid);
|
|
| 141 | 180 |
ContentHandler chandler = docInfoHandler; |
| 142 | 181 |
|
| 143 | 182 |
// Get an instance of the parser |
| ... | ... | |
| 155 | 194 |
|
| 156 | 195 |
// replace all access on the document |
| 157 | 196 |
Vector<XMLAccessDAO> accessControlList = docInfoHandler.getAccessControlList(); |
| 158 |
xmlAccessAccess.replaceAccess(_docId, accessControlList);
|
|
| 197 |
xmlAccessAccess.replaceAccess(_guid, accessControlList);
|
|
| 159 | 198 |
|
| 160 | 199 |
} catch (PropertyNotFoundException pnfe) {
|
| 161 | 200 |
throw new AccessControlException("AccessControlForSingleFile.insertPermissions - "
|
| ... | ... | |
| 199 | 238 |
"AND perm_order = ? "); |
| 200 | 239 |
|
| 201 | 240 |
// Bind the values to the query |
| 202 |
pstmt.setString(1, _docId);
|
|
| 241 |
pstmt.setString(1, _guid);
|
|
| 203 | 242 |
pstmt.setString(2, xmlAccessDAO.getPrincipalName()); |
| 204 | 243 |
pstmt.setLong(3, xmlAccessDAO.getPermission()); |
| 205 | 244 |
pstmt.setString(4, xmlAccessDAO.getPermType()); |
| ... | ... | |
| 246 | 285 |
try {
|
| 247 | 286 |
hasPermission = isOwned(user); |
| 248 | 287 |
if (!hasPermission) {
|
| 249 |
PermissionController controller = new PermissionController(_docId);
|
|
| 288 |
PermissionController controller = new PermissionController(_guid);
|
|
| 250 | 289 |
hasPermission = |
| 251 | 290 |
controller.hasPermission(user, groups, READSTRING); |
| 252 | 291 |
} |
| ... | ... | |
| 257 | 296 |
if (hasPermission) {
|
| 258 | 297 |
// Get a list of all access dao objects for this docid |
| 259 | 298 |
XMLAccessAccess xmlAccessAccess = new XMLAccessAccess(); |
| 260 |
Vector<XMLAccessDAO> xmlAccessDAOList = xmlAccessAccess.getXMLAccessForDoc(_docId);
|
|
| 299 |
Vector<XMLAccessDAO> xmlAccessDAOList = xmlAccessAccess.getXMLAccessForDoc(_guid);
|
|
| 261 | 300 |
output.append(getAccessString(xmlAccessDAOList)); |
| 262 | 301 |
} else {
|
| 263 | 302 |
output.append(getAccessString(new Vector<XMLAccessDAO>())); |
| ... | ... | |
| 288 | 327 |
try {
|
| 289 | 328 |
// Get a list of all access dao objects for this docid |
| 290 | 329 |
XMLAccessAccess xmlAccessAccess = new XMLAccessAccess(); |
| 291 |
xmlAccessDAOList = xmlAccessAccess.getXMLAccessForDoc(_docId);
|
|
| 330 |
xmlAccessDAOList = xmlAccessAccess.getXMLAccessForDoc(_guid);
|
|
| 292 | 331 |
} catch (AccessException ae) {
|
| 293 | 332 |
throw new AccessControlException("AccessControlForSingleFile.getAccessString() - DB access error when " +
|
| 294 | 333 |
"getting access string: " + ae.getMessage()); |
| ... | ... | |
| 324 | 363 |
subtreeid = xmlAccessDAOList.get(0).getSubTreeId(); |
| 325 | 364 |
} |
| 326 | 365 |
|
| 327 |
output.append("<access authSystem=\"knb\" order=\"" + permOrder + "\" id=\"" + _docId + "\" scope=\"document\"");
|
|
| 366 |
output.append("<access authSystem=\"knb\" order=\"" + permOrder + "\" id=\"" + _guid + "\" scope=\"document\"");
|
|
| 328 | 367 |
if (accessfileid != null) {
|
| 329 | 368 |
output.append(" accessfileid=\"" + accessfileid + "\"");
|
| 330 | 369 |
} |
| ... | ... | |
| 398 | 437 |
serialNumber = conn.getCheckOutSerialNumber(); |
| 399 | 438 |
pstmt = conn.prepareStatement("SELECT 'x' FROM xml_documents "
|
| 400 | 439 |
+ "WHERE docid = ? " + "AND user_owner = ?"); |
| 401 |
pstmt.setString(1, _docId);
|
|
| 440 |
pstmt.setString(1, _guid);
|
|
| 402 | 441 |
pstmt.setString(2, user); |
| 403 | 442 |
pstmt.execute(); |
| 404 | 443 |
ResultSet rs = pstmt.getResultSet(); |
| src/edu/ucsb/nceas/metacat/clientview/ClientViewHelper.java | ||
|---|---|---|
| 15 | 15 |
import com.oreilly.servlet.multipart.Part; |
| 16 | 16 |
|
| 17 | 17 |
import edu.ucsb.nceas.metacat.DocInfoHandler; |
| 18 |
import edu.ucsb.nceas.metacat.IdentifierManager; |
|
| 19 |
import edu.ucsb.nceas.metacat.McdbDocNotFoundException; |
|
| 18 | 20 |
import edu.ucsb.nceas.metacat.accesscontrol.AccessControlException; |
| 19 | 21 |
import edu.ucsb.nceas.metacat.accesscontrol.AccessControlForSingleFile; |
| 20 | 22 |
import edu.ucsb.nceas.metacat.accesscontrol.AccessControlInterface; |
| ... | ... | |
| 505 | 507 |
} |
| 506 | 508 |
|
| 507 | 509 |
private String setPublicAccess(String permissionType, String metaDocId, Stack docIdStack) |
| 508 |
throws InsufficientKarmaException, MetacatException, MetacatInaccessibleException, AccessControlException{
|
|
| 510 |
throws InsufficientKarmaException, MetacatException, MetacatInaccessibleException, AccessControlException, McdbDocNotFoundException{
|
|
| 509 | 511 |
String result = " for Documents "; |
| 510 | 512 |
String docId, lst = metaDocId, permOrder; |
| 511 | 513 |
|
| ... | ... | |
| 534 | 536 |
* Second, remove all access rules of the user public, then add the new rules. |
| 535 | 537 |
*/ |
| 536 | 538 |
private void setPublicReadAccess(String permissionType, String docid) |
| 537 |
throws InsufficientKarmaException, MetacatException, MetacatInaccessibleException, AccessControlException{
|
|
| 539 |
throws InsufficientKarmaException, MetacatException, MetacatInaccessibleException, AccessControlException, McdbDocNotFoundException{
|
|
| 538 | 540 |
String originalAccessBlock = getMetacatClient().getAccessControl(docid); |
| 539 | 541 |
Vector<XMLAccessDAO> accessList = parseAccessXMLBlock(docid, originalAccessBlock); |
| 540 | 542 |
if(accessList != null && !accessList.isEmpty()) {
|
| ... | ... | |
| 607 | 609 |
* Populate xmlAccessDAO object with the some parameters. |
| 608 | 610 |
*/ |
| 609 | 611 |
private XMLAccessDAO generateXMLAccessDAO(String docid, String principalName, |
| 610 |
String permission, String permType, String permOrder) {
|
|
| 611 |
String identifier = DocumentUtil.getDocIdFromString(docid); |
|
| 612 |
String permission, String permType, String permOrder) throws McdbDocNotFoundException {
|
|
| 613 |
String localId = DocumentUtil.getDocIdFromString(docid); |
|
| 614 |
int rev = DocumentUtil.getRevisionFromAccessionNumber(docid); |
|
| 615 |
String identifier = IdentifierManager.getInstance().getGUID(localId, rev); |
|
| 612 | 616 |
XMLAccessDAO xmlAccessDAO = new XMLAccessDAO(); |
| 613 |
xmlAccessDAO.setDocId(identifier);
|
|
| 617 |
xmlAccessDAO.setGuid(identifier);
|
|
| 614 | 618 |
xmlAccessDAO.setPrincipalName(principalName); |
| 615 | 619 |
xmlAccessDAO.setPermission(Integer.valueOf(AccessControlList.intValue(permission)).longValue()); |
| 616 | 620 |
xmlAccessDAO.setPermType(permType); |
| src/edu/ucsb/nceas/metacat/PermissionController.java | ||
|---|---|---|
| 53 | 53 |
|
| 54 | 54 |
public class PermissionController |
| 55 | 55 |
{
|
| 56 |
private String docId = null; |
|
| 56 |
// private String docId = null; |
|
| 57 |
// private int rev = -1; |
|
| 58 |
|
|
| 59 |
private String guid = null; |
|
| 60 |
|
|
| 57 | 61 |
private boolean hasSubTreeAccessControl = false; // flag if has a subtree |
| 58 | 62 |
// access for this docid |
| 59 | 63 |
private Vector subTreeList = new Vector(); |
| ... | ... | |
| 64 | 68 |
private static Logger logMetacat = Logger.getLogger(PermissionController.class); |
| 65 | 69 |
|
| 66 | 70 |
/** |
| 67 |
* Constructor for PermissionController |
|
| 68 |
* @param myDocid the docid need to access |
|
| 69 |
*/ |
|
| 70 |
public PermissionController(String myDocid) throws McdbException |
|
| 71 |
{
|
|
| 72 |
// Get rid of rev number |
|
| 73 |
docId = DocumentUtil.getSmartDocId(myDocid); |
|
| 74 |
//hasSubTreeAccessControl = checkSubTreeAccessControl(); |
|
| 75 |
} |
|
| 71 |
* Constructor for PermissionController |
|
| 72 |
* |
|
| 73 |
* @param myDocid the docid need to access |
|
| 74 |
*/ |
|
| 75 |
public PermissionController(String myDocid) throws McdbException {
|
|
| 76 | 76 |
|
| 77 |
/** |
|
| 78 |
* Constructor for PermssionController |
|
| 79 |
* @param myDocid String |
|
| 80 |
* @param needDeleteRev boolean |
|
| 81 |
*/ |
|
| 82 |
public PermissionController(String myDocid, boolean needDeleteRevFromDocid) |
|
| 83 |
{
|
|
| 84 |
if (!needDeleteRevFromDocid) |
|
| 85 |
{
|
|
| 86 |
docId = myDocid; |
|
| 87 |
} |
|
| 88 |
else |
|
| 89 |
{
|
|
| 90 |
docId = DocumentUtil.getDocIdFromAccessionNumber(myDocid); |
|
| 91 |
} |
|
| 92 |
} |
|
| 77 |
// find the guid if we can |
|
| 78 |
String docId = null; |
|
| 79 |
int rev = -1; |
|
| 93 | 80 |
|
| 81 |
// get the parts |
|
| 82 |
docId = DocumentUtil.getSmartDocId(myDocid); |
|
| 83 |
rev = DocumentUtil.getRevisionFromAccessionNumber(myDocid); |
|
| 84 |
|
|
| 85 |
// this is what we really want |
|
| 86 |
guid = IdentifierManager.getInstance().getGUID(docId, rev); |
|
| 87 |
|
|
| 88 |
} |
|
| 89 |
|
|
| 94 | 90 |
/** |
| 95 | 91 |
* Return if a document has subtree access control |
| 96 | 92 |
*/ |
| ... | ... | |
| 147 | 143 |
//if the requested document is access documents and requested permission |
| 148 | 144 |
//is "write", the user should have "all" right |
| 149 | 145 |
|
| 150 |
if (isAccessDocument(docId) && (permission == AccessControlInterface.WRITE))
|
|
| 146 |
if (isAccessDocument() && (permission == AccessControlInterface.WRITE)) |
|
| 151 | 147 |
{
|
| 152 | 148 |
|
| 153 |
hasPermission = hasPermission(userPackage,docId, 7);// 7 is all permission
|
|
| 149 |
hasPermission = hasPermission(userPackage, 7);// 7 is all permission |
|
| 154 | 150 |
}//if |
| 155 | 151 |
else //in other situation, just check the request permission |
| 156 | 152 |
{
|
| 157 | 153 |
// Check for @permission on @docid for @user and/or @groups |
| 158 |
hasPermission = hasPermission(userPackage,docId, permission);
|
|
| 154 |
hasPermission = hasPermission(userPackage, permission); |
|
| 159 | 155 |
}//else |
| 160 | 156 |
|
| 161 | 157 |
return hasPermission; |
| ... | ... | |
| 169 | 165 |
* @param docid, document identifier to check on |
| 170 | 166 |
* @param permission, permission (write or all...) to check for |
| 171 | 167 |
*/ |
| 172 |
private boolean hasPermission(String [] principals, String docId, |
|
| 173 |
int permission) |
|
| 168 |
private boolean hasPermission(String [] principals, int permission) |
|
| 174 | 169 |
throws SQLException |
| 175 | 170 |
{
|
| 176 | 171 |
long startId = TOPLEVELSTARTNODEID;// this is for top level, so startid is 0 |
| ... | ... | |
| 178 | 173 |
{
|
| 179 | 174 |
//first, if there is a docid owner in user package, return true |
| 180 | 175 |
//because doc owner has all permssion |
| 181 |
if (containDocumentOwner(principals, docId))
|
|
| 176 |
if (containDocumentOwner(principals)) |
|
| 182 | 177 |
{
|
| 183 | 178 |
|
| 184 | 179 |
return true; |
| ... | ... | |
| 186 | 181 |
|
| 187 | 182 |
//If there is no owner in user package, checking the table |
| 188 | 183 |
//check perm_order |
| 189 |
if (isAllowFirst(principals, docId, startId))
|
|
| 184 |
if (isAllowFirst(principals, startId)) |
|
| 190 | 185 |
{
|
| 191 | 186 |
|
| 192 |
if (hasExplicitDenyRule(principals, docId, permission, startId))
|
|
| 187 |
if (hasExplicitDenyRule(principals, permission, startId)) |
|
| 193 | 188 |
{
|
| 194 | 189 |
//if it is allowfirst and has deny rule(either explicit ) |
| 195 | 190 |
//deny access |
| 196 | 191 |
|
| 197 | 192 |
return false; |
| 198 | 193 |
}//if |
| 199 |
else if ( hasAllowRule(principals, docId, permission, startId))
|
|
| 194 |
else if ( hasAllowRule(principals, permission, startId)) |
|
| 200 | 195 |
{
|
| 201 | 196 |
//if it is allowfirst and hasn't deny rule and has allow rule |
| 202 | 197 |
//allow access |
| ... | ... | |
| 212 | 207 |
}//if isAllowFirst |
| 213 | 208 |
else //denyFirst |
| 214 | 209 |
{
|
| 215 |
if (hasAllowRule(principals, docId, permission, startId))
|
|
| 210 |
if (hasAllowRule(principals, permission, startId)) |
|
| 216 | 211 |
{
|
| 217 | 212 |
//if it is denyFirst and has allow rule, allow access |
| 218 | 213 |
return true; |
| ... | ... | |
| 251 | 246 |
// from inlinedataId directly. You should get it from eml document itself |
| 252 | 247 |
String []userPackage = createUsersPackage(user, groups); |
| 253 | 248 |
try {
|
| 254 |
if (containDocumentOwner(userPackage, docId))
|
|
| 249 |
if (containDocumentOwner(userPackage)) |
|
| 255 | 250 |
{
|
| 256 | 251 |
return true; |
| 257 | 252 |
} |
| 258 | 253 |
else |
| 259 | 254 |
{
|
| 260 |
PermissionController controller = |
|
| 261 |
new PermissionController(inlineDataId, false); |
|
| 255 |
// is a funky inline data id with the extra part, so we set it manually |
|
| 256 |
PermissionController controller = new PermissionController(guid); |
|
| 257 |
controller.guid = inlineDataId; |
|
| 262 | 258 |
return controller.hasPermission(user, groups, myPermission); |
| 263 | 259 |
} |
| 264 | 260 |
} catch (SQLException e) {
|
| ... | ... | |
| 318 | 314 |
//for the document owner return null(no unaccessable subtree) |
| 319 | 315 |
try |
| 320 | 316 |
{
|
| 321 |
if (containDocumentOwner(principals, docId))
|
|
| 317 |
if (containDocumentOwner(principals)) |
|
| 322 | 318 |
{
|
| 323 | 319 |
return resultUnaccessableSubTree; |
| 324 | 320 |
} |
| ... | ... | |
| 337 | 333 |
|
| 338 | 334 |
try |
| 339 | 335 |
{
|
| 340 |
if (isAllowFirst(principals, docId, startId))
|
|
| 336 |
if (isAllowFirst(principals, startId)) |
|
| 341 | 337 |
{
|
| 342 | 338 |
|
| 343 |
if (hasExplicitDenyRule(principals, docId, permission, startId ))
|
|
| 339 |
if (hasExplicitDenyRule(principals, permission, startId )) |
|
| 344 | 340 |
{
|
| 345 | 341 |
|
| 346 | 342 |
//if it is allowfirst and has deny rule |
| ... | ... | |
| 350 | 346 |
resultUnaccessableSubTree.put(new Long(startId), tree); |
| 351 | 347 |
} |
| 352 | 348 |
}//if |
| 353 |
else if ( hasAllowRule(principals, docId, permission, startId))
|
|
| 349 |
else if ( hasAllowRule(principals, permission, startId)) |
|
| 354 | 350 |
{
|
| 355 | 351 |
//if it is allowfirst and hasn't deny rule and has allow rule |
| 356 | 352 |
//allow access do nothing |
| ... | ... | |
| 368 | 364 |
}//if isAllowFirst |
| 369 | 365 |
else //denyFirst |
| 370 | 366 |
{
|
| 371 |
if (hasAllowRule(principals, docId, permission,startId))
|
|
| 367 |
if (hasAllowRule(principals, permission,startId)) |
|
| 372 | 368 |
{
|
| 373 | 369 |
//if it is denyFirst and has allow rule, allow access, do nothing |
| 374 | 370 |
|
| ... | ... | |
| 463 | 459 |
* @param docId, |
| 464 | 460 |
* the document id need to be checked |
| 465 | 461 |
*/ |
| 466 |
private boolean isAccessDocument(String docId) throws SQLException {
|
|
| 467 |
// detele the rev number if docid contains it |
|
| 462 |
private boolean isAccessDocument() throws SQLException {
|
|
Also available in: Unified diff
refactor Metacat access handling to be on a per-revision basis so that it more closely aligns with the DataONE approach
http://bugzilla.ecoinformatics.org/show_bug.cgi?id=5560