Revision 6744
Added by ben leinfelder about 13 years ago
test/edu/ucsb/nceas/metacattest/AccessAPITest.java | ||
---|---|---|
137 | 137 |
true); |
138 | 138 |
accessDAOList = new Vector<XMLAccessDAO>(); |
139 | 139 |
accessDAO = new XMLAccessDAO(); |
140 |
accessDAO.setDocId(docId);
|
|
140 |
accessDAO.setGuid(docId);
|
|
141 | 141 |
accessDAO.setPrincipalName(principal); |
142 | 142 |
accessDAO.setPermission(new Long(AccessControlInterface.READ)); |
143 | 143 |
accessDAO.setPermType(AccessControlInterface.ALLOW); |
... | ... | |
470 | 470 |
|
471 | 471 |
System.out.println("subAccessDAO.perm: '" + subAccessDAO.getPermission() + "'"); |
472 | 472 |
System.out.println("mainAccessDAO.perm: '" + mainAccessDAO.getPermission() + "'");*/ |
473 |
if (subAccessDAO.getDocId().equals(mainAccessDAO.getDocId()) &&
|
|
473 |
if (subAccessDAO.getGuid().equals(mainAccessDAO.getGuid()) &&
|
|
474 | 474 |
subAccessDAO.getPermOrder().equals(mainAccessDAO.getPermOrder()) && |
475 | 475 |
subAccessDAO.getPermType().equals(mainAccessDAO.getPermType()) && |
476 | 476 |
subAccessDAO.getPrincipalName().equals(mainAccessDAO.getPrincipalName()) && |
... | ... | |
540 | 540 |
*/ |
541 | 541 |
private void debugAccessDAOList(Vector<XMLAccessDAO> accessDAOList) { |
542 | 542 |
for (XMLAccessDAO xmlAccessDAO : accessDAOList) { |
543 |
debug("Doc ID: " + xmlAccessDAO.getDocId());
|
|
543 |
debug("Guid: " + xmlAccessDAO.getGuid());
|
|
544 | 544 |
debug("Perm Order: " + xmlAccessDAO.getPermOrder()); |
545 | 545 |
debug("Perm Type: " + xmlAccessDAO.getPermType()); |
546 | 546 |
debug("Principal " + xmlAccessDAO.getPrincipalName()); |
src/upgrade-db-to-2.0.0-postgres.sql | ||
---|---|---|
61 | 61 |
* Replication changes to support DataONE System Metadata replication |
62 | 62 |
*/ |
63 | 63 |
ALTER TABLE xml_replication ADD COLUMN systemmetadatareplicate INT8; |
64 |
/* |
|
65 |
* Allow guid in xml_access table (for system metadata) |
|
66 |
*/ |
|
67 |
ALTER TABLE xml_access ADD COLUMN guid text; |
|
68 | 64 |
|
69 | 65 |
/** |
70 | 66 |
* track the user-agent for the request |
... | ... | |
76 | 72 |
*/ |
77 | 73 |
INSERT INTO xml_catalog (entry_type, public_id, system_id) |
78 | 74 |
VALUES ('Schema', '@eml2_1_1namespace@', '/schema/eml-2.1.1/eml.xsd'); |
75 |
|
|
76 |
/** |
|
77 |
* Generate GUIDs for docid.rev |
|
78 |
*/ |
|
79 |
INSERT INTO identifier (docid, rev, guid) |
|
80 |
SELECT docid, rev, docid || '.' || rev FROM xml_documents; |
|
81 |
INSERT INTO identifier (docid, rev, guid) |
|
82 |
SELECT docid, revisionid, docid || '.' || revisionid FROM xml_revisions; |
|
83 |
|
|
84 |
/** |
|
85 |
* Allow guid in xml_access table (for system metadata) |
|
86 |
*/ |
|
87 |
ALTER TABLE xml_access ADD COLUMN guid text; |
|
88 |
|
|
89 |
/** |
|
90 |
* Upgrade xml_access records to use GUID from identifier table |
|
91 |
*/ |
|
92 |
INSERT INTO xml_access ( |
|
93 |
guid, principal_name, permission, perm_type, perm_order, |
|
94 |
docid, accessfileid, begin_time, end_time, ticket_count, subtreeid, startnodeid, endnodeid |
|
95 |
) |
|
96 |
SELECT |
|
97 |
id.guid, xa.principal_name, xa.permission, xa.perm_type, xa.perm_order, |
|
98 |
xa.docid, xa.accessfileid, xa.begin_time, xa.end_time, xa.ticket_count, xa.subtreeid, xa.startnodeid, xa.endnodeid |
|
99 |
FROM identifier id, xml_access xa |
|
100 |
WHERE id.docid = xa.docid; |
|
101 |
|
|
102 |
/** |
|
103 |
* Include inline access rows -- they have a special guid: 'scope.docid.rev.index' |
|
104 |
*/ |
|
105 |
INSERT INTO xml_access ( |
|
106 |
guid, principal_name, permission, perm_type, perm_order, |
|
107 |
docid, accessfileid, begin_time, end_time, ticket_count, subtreeid, startnodeid, endnodeid |
|
108 |
) |
|
109 |
SELECT |
|
110 |
docid, principal_name, permission, perm_type, perm_order, |
|
111 |
docid, accessfileid, begin_time, end_time, ticket_count, subtreeid, startnodeid, endnodeid |
|
112 |
FROM xml_access |
|
113 |
WHERE docid like '%.%.%.%'; |
|
114 |
|
|
115 |
/** |
|
116 |
* Update the accessfileid to use guid |
|
117 |
* TODO: specific revision should be used |
|
118 |
*/ |
|
119 |
UPDATE xml_access |
|
120 |
SET accessfileid = id.guid |
|
121 |
FROM identifier id, xml_access xa |
|
122 |
WHERE xa.accessfileid = id.docid |
|
123 |
|
|
124 |
|
|
125 |
/** |
|
126 |
* Remove old access rules |
|
127 |
*/ |
|
128 |
DELETE FROM xml_access WHERE guid is null; |
|
129 |
|
|
130 |
/** |
|
131 |
* clean up the xml_access table |
|
132 |
*/ |
|
133 |
ALTER TABLE xml_access DROP COLUMN docid; |
|
134 |
|
|
79 | 135 |
/* |
80 | 136 |
* update the database version |
81 | 137 |
*/ |
src/xmltables-postgres.sql | ||
---|---|---|
209 | 209 |
* ACL -- table to store ACL for XML documents by principals |
210 | 210 |
*/ |
211 | 211 |
CREATE TABLE xml_access ( |
212 |
docid VARCHAR(250), -- the document id # |
|
213 | 212 |
guid text, -- foreign key to system metadata |
214 | 213 |
accessfileid VARCHAR(250), -- the document id # for the access file |
215 | 214 |
principal_name VARCHAR(100), -- name of user, group, etc. |
src/edu/ucsb/nceas/metacat/QuerySpecification.java | ||
---|---|---|
272 | 272 |
{ |
273 | 273 |
String allowQuery = null; |
274 | 274 |
String allowString = constructAllowString(); |
275 |
allowQuery = "SELECT docid from xml_access WHERE( " + allowString;
|
|
275 |
allowQuery = "SELECT id.docid from xml_access xa, identifier id WHERE id.guid = xa.guid AND ( " + allowString;
|
|
276 | 276 |
allowQuery = allowQuery + ")"; |
277 | 277 |
logMetacat.info("QuerySpecification.createAllowRuleQuery - allow query is: " + allowQuery); |
278 | 278 |
return allowQuery; |
... | ... | |
319 | 319 |
{ |
320 | 320 |
String denyQuery = null; |
321 | 321 |
String denyString = constructDenyString(); |
322 |
denyQuery = "SELECT docid from xml_access WHERE( " + denyString;
|
|
322 |
denyQuery = "SELECT id.docid from xml_access xa, identifier id WHERE id.guid = xa.guid AND ( " + denyString;
|
|
323 | 323 |
denyQuery = denyQuery + ") "; |
324 | 324 |
logMetacat.info("QuerySpecification.createDenyRuleQuery - denyquery is: " + denyQuery); |
325 | 325 |
return denyQuery; |
src/edu/ucsb/nceas/metacat/spatial/SpatialHarvester.java | ||
---|---|---|
71 | 71 |
} |
72 | 72 |
|
73 | 73 |
/** |
74 |
* Returns a Vector of all the docids in the xml_path_index tables
|
|
74 |
* Returns a Vector of all the current versions of public docids
|
|
75 | 75 |
*/ |
76 | 76 |
protected Vector<String> queryAllDocids() { |
77 | 77 |
Vector<String> _docs = new Vector<String>(); |
... | ... | |
83 | 83 |
* to be considered for the spatial cache |
84 | 84 |
*/ |
85 | 85 |
//String query = "select distinct docid from xml_path_index"; |
86 |
String query = "select distinct docid from xml_access where principal_name = 'public' and perm_type = 'allow'"; |
|
86 |
String query = "select distinct id.docid " + |
|
87 |
"from xml_access xa, identifier id, xml_documents xd " + |
|
88 |
"where xa.guid = id.guid " + |
|
89 |
"and id.docid = xd.docid " + |
|
90 |
"and id.rev = xd.rev " + |
|
91 |
"and xa.principal_name = 'public' " + |
|
92 |
"and xa.perm_type = 'allow'"; |
|
87 | 93 |
|
88 | 94 |
try { |
89 | 95 |
pstmt = dbconn.prepareStatement(query); |
src/edu/ucsb/nceas/metacat/spatial/SpatialDocument.java | ||
---|---|---|
143 | 143 |
if (isSpatialDocument) { |
144 | 144 |
|
145 | 145 |
/* |
146 |
* Get the bounding coordinates |
|
146 |
* Get the bounding coordinates for current public revision
|
|
147 | 147 |
*/ |
148 | 148 |
query = "SELECT path, nodedatanumerical, parentnodeid FROM xml_path_index" |
149 | 149 |
+ " WHERE docid = ?" |
150 |
+ " AND docid IN (SELECT distinct docid FROM xml_access WHERE docid = ?" |
|
151 |
+ " AND principal_name = 'public' AND perm_type = 'allow')" |
|
150 |
+ " AND docid IN " + |
|
151 |
"(SELECT distinct id.docid " + |
|
152 |
"FROM identifier id, xml_access xa, xml_documents xd " |
|
153 |
+ " WHERE id.docid = ?" |
|
154 |
+ " AND id.docid = xd.docid " |
|
155 |
+ " AND id.rev = xd.rev " |
|
156 |
+ " AND id.guid = xa.guid " |
|
157 |
+ " AND xa.principal_name = 'public' AND xa.perm_type = 'allow')" |
|
152 | 158 |
+ " AND (path = '" + westPath + "'" + " OR path = '" + southPath |
153 | 159 |
+ "'" + " OR path = '" + eastPath + "'" + " OR path = '" |
154 | 160 |
+ northPath + "'" + " ) ORDER BY parentnodeid;"; |
src/edu/ucsb/nceas/metacat/AssociateAccessPolicy.java | ||
---|---|---|
177 | 177 |
ResultSet rs=null; |
178 | 178 |
|
179 | 179 |
//the query stirng |
180 |
String query="SELECT docid from xml_access";
|
|
180 |
String query="SELECT id.docid from xml_access xa, identifier id where xa.guid = id.guid";
|
|
181 | 181 |
try |
182 | 182 |
{ |
183 | 183 |
pStmt=conn.prepareStatement(query); |
... | ... | |
409 | 409 |
docId=(String)docList.nextElement(); |
410 | 410 |
dataSetId=(String)docIdMapDataSetId.get(docId); |
411 | 411 |
query="select accessfileid, principal_name,permission,perm_type," |
412 |
+"perm_order,begin_time,end_time,ticket_count from xml_access " |
|
413 |
+"where docid =?";
|
|
412 |
+"perm_order,begin_time,end_time,ticket_count from xml_access xa, identifier id "
|
|
413 |
+"where id.docid = ? and id.guid = xa.guid";
|
|
414 | 414 |
pStmt=conn.prepareStatement(query); |
415 | 415 |
//bind the value to query |
416 | 416 |
pStmt.setString(1, dataSetId); |
src/edu/ucsb/nceas/metacat/accesscontrol/XMLAccessAccess.java | ||
---|---|---|
35 | 35 |
|
36 | 36 |
import org.apache.log4j.Logger; |
37 | 37 |
|
38 |
import edu.ucsb.nceas.metacat.AccessionNumber; |
|
39 |
import edu.ucsb.nceas.metacat.AccessionNumberException; |
|
40 |
import edu.ucsb.nceas.metacat.DBUtil; |
|
41 |
import edu.ucsb.nceas.metacat.IdentifierManager; |
|
42 |
import edu.ucsb.nceas.metacat.McdbDocNotFoundException; |
|
43 | 38 |
import edu.ucsb.nceas.metacat.database.DBConnection; |
44 | 39 |
import edu.ucsb.nceas.metacat.database.DBConnectionPool; |
45 | 40 |
import edu.ucsb.nceas.metacat.shared.AccessException; |
... | ... | |
48 | 43 |
public class XMLAccessAccess extends BaseAccess { |
49 | 44 |
|
50 | 45 |
private Logger logMetacat = Logger.getLogger(XMLAccessAccess.class); |
51 |
|
|
52 |
private static String DOCID = "docid"; |
|
53 |
|
|
54 |
private static String GUID = "guid"; |
|
55 |
|
|
56 |
private String idAttribute = DOCID; |
|
57 |
|
|
46 |
|
|
58 | 47 |
// Constructor |
59 | 48 |
public XMLAccessAccess() throws AccessException {} |
60 | 49 |
|
61 |
public XMLAccessAccess(boolean useGuid) { |
|
62 |
if (useGuid) { |
|
63 |
idAttribute = GUID; |
|
64 |
} |
|
65 |
} |
|
66 | 50 |
|
67 | 51 |
/** |
68 | 52 |
* Get all xml access for a document |
... | ... | |
71 | 55 |
* the id of the document |
72 | 56 |
* @return an xml access DAO list |
73 | 57 |
*/ |
74 |
public Vector<XMLAccessDAO> getXMLAccessForDoc(String id) throws AccessException { |
|
58 |
public Vector<XMLAccessDAO> getXMLAccessForDoc(String guid) throws AccessException {
|
|
75 | 59 |
|
76 | 60 |
Vector<XMLAccessDAO> xmlAccessList = new Vector<XMLAccessDAO>(); |
77 | 61 |
|
78 |
if (id == null) { |
|
62 |
if (guid == null) {
|
|
79 | 63 |
throw new AccessException("XMLAccessAccess.getXMLAccessForDoc - doc id " + |
80 | 64 |
"must be specified when selecting xml_access record"); |
81 | 65 |
} |
... | ... | |
88 | 72 |
conn = DBConnectionPool.getDBConnection("XMLAccessAccess.getXMLAccessForDoc"); |
89 | 73 |
serialNumber = conn.getCheckOutSerialNumber(); |
90 | 74 |
|
91 |
String sql = "SELECT * FROM xml_access WHERE " + idAttribute + " = ?";
|
|
75 |
String sql = "SELECT * FROM xml_access WHERE guid = ?";
|
|
92 | 76 |
pstmt = conn.prepareStatement(sql); |
93 | 77 |
|
94 |
pstmt.setString(1, id); |
|
78 |
pstmt.setString(1, guid);
|
|
95 | 79 |
|
96 | 80 |
String sqlReport = "XMLAccessAccess.getXMLAccessForDoc - SQL: " + sql; |
97 |
sqlReport += " [" + id + "]"; |
|
81 |
sqlReport += " [" + guid + "]";
|
|
98 | 82 |
|
99 | 83 |
logMetacat.info(sqlReport); |
100 | 84 |
|
... | ... | |
113 | 97 |
|
114 | 98 |
} catch (SQLException sqle) { |
115 | 99 |
throw new AccessException("XMLAccessAccess.getXMLAccessForDoc - SQL error when getting access " + |
116 |
" for id: " + id + " : " + sqle.getMessage()); |
|
100 |
" for id: " + guid + " : " + sqle.getMessage());
|
|
117 | 101 |
} catch (PermOrderException poe) { |
118 | 102 |
String errorStr = "XMLAccessAccess.getXMLAccessForDoc - Permission order error when getting " + |
119 |
"access record for doc id: " + id + " : " + poe.getMessage(); |
|
103 |
"access record for doc id: " + guid + " : " + poe.getMessage();
|
|
120 | 104 |
logMetacat.error(errorStr); |
121 | 105 |
throw new AccessException(errorStr); |
122 | 106 |
} finally { |
... | ... | |
133 | 117 |
* the credentials of the principal in the database |
134 | 118 |
* @return an xml access DAO list |
135 | 119 |
*/ |
136 |
public Vector<XMLAccessDAO> getXMLAccessForPrincipal(String id, String principalName) |
|
120 |
public Vector<XMLAccessDAO> getXMLAccessForPrincipal(String guid, String principalName)
|
|
137 | 121 |
throws AccessException { |
138 | 122 |
|
139 | 123 |
Vector<XMLAccessDAO> xmlAccessList = new Vector<XMLAccessDAO>(); |
140 | 124 |
|
141 |
if (id == null) { |
|
125 |
if (guid == null) {
|
|
142 | 126 |
throw new AccessException("XMLAccessAccess.getXMLAccessForPrincipal - doc id " + |
143 | 127 |
"must be specified when selecting xml_access record"); |
144 | 128 |
} |
... | ... | |
155 | 139 |
conn = DBConnectionPool.getDBConnection("XMLAccessAccess.getXMLAccessForPrincipal"); |
156 | 140 |
serialNumber = conn.getCheckOutSerialNumber(); |
157 | 141 |
|
158 |
String sql = "SELECT * FROM xml_access WHERE " + idAttribute + " = ? AND principal_name = ?";
|
|
142 |
String sql = "SELECT * FROM xml_access WHERE guid = ? AND principal_name = ?";
|
|
159 | 143 |
pstmt = conn.prepareStatement(sql); |
160 | 144 |
|
161 |
pstmt.setString(1, id); |
|
145 |
pstmt.setString(1, guid);
|
|
162 | 146 |
pstmt.setString(2, principalName); |
163 | 147 |
|
164 | 148 |
String sqlReport = "XMLAccessAccess.getXMLAccessForPrincipal - SQL: " + sql; |
165 |
sqlReport += " [" + id + "," + principalName + "]"; |
|
149 |
sqlReport += " [" + guid + "," + principalName + "]";
|
|
166 | 150 |
|
167 | 151 |
logMetacat.info(sqlReport); |
168 | 152 |
|
... | ... | |
181 | 165 |
|
182 | 166 |
} catch (SQLException sqle) { |
183 | 167 |
throw new AccessException("XMLAccessAccess.getXMLAccessForPrincipal - SQL error when getting access " + |
184 |
" for id: " + id + ", principal: " + principalName + " : " + sqle.getMessage()); |
|
168 |
" for id: " + guid + ", principal: " + principalName + " : " + sqle.getMessage());
|
|
185 | 169 |
} catch (PermOrderException poe) { |
186 | 170 |
String errorStr = "XMLAccessAccess.getXMLAccessForPrincipal - Permission order error when getting " + |
187 |
"access record for id: " + id + ", principal: " + principalName + " : " + poe.getMessage(); |
|
171 |
"access record for id: " + guid + ", principal: " + principalName + " : " + poe.getMessage();
|
|
188 | 172 |
logMetacat.error(errorStr); |
189 | 173 |
throw new AccessException(errorStr); |
190 | 174 |
} finally { |
... | ... | |
195 | 179 |
/** |
196 | 180 |
* Get all xml access for a principal/permType/permOrder for a certain document |
197 | 181 |
* |
198 |
* @param id |
|
182 |
* @param guid
|
|
199 | 183 |
* the id of the document |
200 | 184 |
* @param principalName |
201 | 185 |
* the credentials of the principal in the database |
202 | 186 |
* @return an xml access DAO list |
203 | 187 |
*/ |
204 |
public Vector<XMLAccessDAO> getXMLAccessForPrincipal(String id, String principalName, String permType, String permOrder) |
|
188 |
public Vector<XMLAccessDAO> getXMLAccessForPrincipal(String guid, String principalName, String permType, String permOrder)
|
|
205 | 189 |
throws AccessException { |
206 | 190 |
|
207 | 191 |
Vector<XMLAccessDAO> xmlAccessList = new Vector<XMLAccessDAO>(); |
208 | 192 |
|
209 |
if (id == null) { |
|
193 |
if (guid == null) {
|
|
210 | 194 |
throw new AccessException("XMLAccessAccess.getXMLAccessForPrincipal - doc id " + |
211 | 195 |
"must be specified when selecting xml_access record"); |
212 | 196 |
} |
... | ... | |
231 | 215 |
conn = DBConnectionPool.getDBConnection("XMLAccessAccess.getXMLAccessForPrincipal"); |
232 | 216 |
serialNumber = conn.getCheckOutSerialNumber(); |
233 | 217 |
|
234 |
String sql = "SELECT * FROM xml_access WHERE " + idAttribute + " = ? AND principal_name = ? " +
|
|
218 |
String sql = "SELECT * FROM xml_access WHERE guid = ? AND principal_name = ? " +
|
|
235 | 219 |
"AND perm_type = ? AND perm_order = ?"; |
236 | 220 |
pstmt = conn.prepareStatement(sql); |
237 | 221 |
|
238 |
pstmt.setString(1, id); |
|
222 |
pstmt.setString(1, guid);
|
|
239 | 223 |
pstmt.setString(2, principalName); |
240 | 224 |
pstmt.setString(3, permType); |
241 | 225 |
pstmt.setString(4, permOrder); |
242 | 226 |
|
243 | 227 |
String sqlReport = "XMLAccessAccess.getXMLAccessForPrincipal - SQL: " + sql; |
244 |
sqlReport += " [" + id + "," + principalName + "," + permType + "," + permOrder + "]"; |
|
228 |
sqlReport += " [" + guid + "," + principalName + "," + permType + "," + permOrder + "]";
|
|
245 | 229 |
|
246 | 230 |
logMetacat.info(sqlReport); |
247 | 231 |
|
... | ... | |
259 | 243 |
|
260 | 244 |
} catch (SQLException sqle) { |
261 | 245 |
throw new AccessException("XMLAccessAccess.getXMLAccessForPrincipal - SQL error when getting access " + |
262 |
" for id: " + id + ", principal: " + principalName + " : " + sqle.getMessage()); |
|
246 |
" for id: " + guid + ", principal: " + principalName + " : " + sqle.getMessage());
|
|
263 | 247 |
} catch (PermOrderException poe) { |
264 | 248 |
String errorStr = "XMLAccessAccess.getXMLAccessForPrincipal - Permission order error when getting " + |
265 |
"access record for id: " + id + ", principal: " + principalName + " : " + poe.getMessage(); |
|
249 |
"access record for id: " + guid + ", principal: " + principalName + " : " + poe.getMessage();
|
|
266 | 250 |
logMetacat.error(errorStr); |
267 | 251 |
throw new AccessException(errorStr); |
268 | 252 |
} finally { |
... | ... | |
275 | 259 |
* principal already exists, bitwise OR the permission to the existing |
276 | 260 |
* permission and update. |
277 | 261 |
* |
278 |
* @param id |
|
262 |
* @param guid
|
|
279 | 263 |
* document id |
280 | 264 |
* @param principalName |
281 | 265 |
* principal credentials |
... | ... | |
286 | 270 |
* @param permOrder |
287 | 271 |
* permission order |
288 | 272 |
*/ |
289 |
public void addXMLAccess(String id, String principalName, Long permission, String permType, |
|
273 |
public void addXMLAccess(String guid, String principalName, Long permission, String permType,
|
|
290 | 274 |
String permOrder, String accessFileId, String subTreeId) throws AccessException, PermOrderException { |
291 | 275 |
|
292 |
permOrderConflict(id, permOrder); |
|
276 |
permOrderConflict(guid, permOrder);
|
|
293 | 277 |
|
294 | 278 |
Vector<XMLAccessDAO> xmlAccessList = |
295 |
getXMLAccessForPrincipal(id, principalName, permType, permOrder); |
|
279 |
getXMLAccessForPrincipal(guid, principalName, permType, permOrder);
|
|
296 | 280 |
|
297 | 281 |
// if more than one record exists for this principal on this document with the same |
298 | 282 |
// access type / access order combination, call cleanup to combine common access and then |
299 | 283 |
// re-retrieve the access list. |
300 | 284 |
if (xmlAccessList.size() == 0) { |
301 |
insertXMLAccess(id, principalName, permission, permType, permOrder, accessFileId, subTreeId); |
|
285 |
insertXMLAccess(guid, principalName, permission, permType, permOrder, accessFileId, subTreeId);
|
|
302 | 286 |
return; |
303 | 287 |
} |
304 | 288 |
|
305 | 289 |
if (xmlAccessList.size() > 1) { |
306 | 290 |
cleanupXMLAccessForPrincipal(xmlAccessList); |
307 |
xmlAccessList = getXMLAccessForPrincipal(id, principalName, permType, permOrder); |
|
291 |
xmlAccessList = getXMLAccessForPrincipal(guid, principalName, permType, permOrder);
|
|
308 | 292 |
} |
309 | 293 |
|
310 | 294 |
if (xmlAccessList.size() == 0) { |
311 | 295 |
throw new AccessException("XMLAccessAccess.addXMLAccess - xml access list is empty when " + |
312 |
"it shouldn't be for id: " + id + ", prinicpal name: " + principalName + ", perm type " + |
|
296 |
"it shouldn't be for id: " + guid + ", prinicpal name: " + principalName + ", perm type " +
|
|
313 | 297 |
permType + ", perm order: " + permOrder); |
314 | 298 |
} |
315 | 299 |
|
... | ... | |
319 | 303 |
//trying to add, update the access record with the existing permission bitwis OR-ed with our |
320 | 304 |
// new permission |
321 | 305 |
if ((xmlAccessDAO.getPermission() & permission) != permission) { |
322 |
updateXMLAccessPermission(id, principalName, xmlAccessDAO.getPermission() | permission); |
|
306 |
updateXMLAccessPermission(guid, principalName, xmlAccessDAO.getPermission() | permission);
|
|
323 | 307 |
} |
324 | 308 |
} |
325 | 309 |
|
... | ... | |
332 | 316 |
* @param xmlAccessList |
333 | 317 |
* list of xml access dao objects that hold new access for the document |
334 | 318 |
*/ |
335 |
public void replaceAccess(String id, List<XMLAccessDAO> xmlAccessList) throws AccessException { |
|
336 |
deleteXMLAccessForDoc(id); |
|
319 |
public void replaceAccess(String guid, List<XMLAccessDAO> xmlAccessList) throws AccessException {
|
|
320 |
deleteXMLAccessForDoc(guid);
|
|
337 | 321 |
|
322 |
insertAccess(guid, xmlAccessList); |
|
323 |
} |
|
324 |
|
|
325 |
/** |
|
326 |
* Set permissions for a given document. This means first removing all access control for the |
|
327 |
* document and then adding the given rules. |
|
328 |
* |
|
329 |
* @param id |
|
330 |
* document id |
|
331 |
* @param xmlAccessList |
|
332 |
* list of xml access dao objects that hold new access for the document |
|
333 |
*/ |
|
334 |
public void insertAccess(String guid, List<XMLAccessDAO> xmlAccessList) throws AccessException { |
|
335 |
|
|
338 | 336 |
// if more than one record exists for this principal on this document with the same |
339 | 337 |
// access type / access order combination, call cleanup to combine common access and then |
340 | 338 |
// re-retrieve the access list. |
341 | 339 |
for(XMLAccessDAO xmlAccessDAO : xmlAccessList) { |
342 |
insertXMLAccess(id, xmlAccessDAO.getPrincipalName(), xmlAccessDAO.getPermission(), |
|
340 |
insertXMLAccess(guid, xmlAccessDAO.getPrincipalName(), xmlAccessDAO.getPermission(),
|
|
343 | 341 |
xmlAccessDAO.getPermType(), xmlAccessDAO.getPermOrder(), xmlAccessDAO.getAccessFileId(), xmlAccessDAO.getSubTreeId()); |
344 | 342 |
} |
345 | 343 |
} |
... | ... | |
360 | 358 |
* @param permOrder |
361 | 359 |
* permission order |
362 | 360 |
*/ |
363 |
private void insertXMLAccess(String id, String principalName, Long permission, String permType, |
|
361 |
private void insertXMLAccess(String guid, String principalName, Long permission, String permType,
|
|
364 | 362 |
String permOrder, String accessFileId, String subTreeId) throws AccessException { |
365 | 363 |
//System.out.println("permission in insertXMLAccess: " + permission); |
366 | 364 |
try |
... | ... | |
376 | 374 |
logMetacat.warn(e.getMessage()); |
377 | 375 |
} |
378 | 376 |
|
379 |
if (id == null) { |
|
377 |
if (guid == null) {
|
|
380 | 378 |
throw new AccessException("XMLAccessAccess.insertXMLAccess - id is required when " + |
381 | 379 |
"inserting XML access record"); |
382 | 380 |
} |
... | ... | |
405 | 403 |
serialNumber = conn.getCheckOutSerialNumber(); |
406 | 404 |
|
407 | 405 |
String sql = "INSERT INTO xml_access " + |
408 |
"(docid, guid, principal_name, permission, perm_type, perm_order, accessfileid, subtreeid ) " +
|
|
409 |
"VALUES (?,?,?,?,?,?,?,?)";
|
|
406 |
"(guid, principal_name, permission, perm_type, perm_order, accessfileid, subtreeid ) " + |
|
407 |
"VALUES (?,?,?,?,?,?,?)"; |
|
410 | 408 |
pstmt = conn.prepareStatement(sql); |
411 | 409 |
|
412 |
String guid = null; |
|
413 |
String docid = null; |
|
414 |
if (idAttribute.equals(GUID)) { |
|
415 |
guid = id; |
|
416 |
try { |
|
417 |
String localId = IdentifierManager.getInstance().getLocalId(id); |
|
418 |
// Parse the localId into scope and rev parts, strip off the rev |
|
419 |
AccessionNumber acc = new AccessionNumber(localId, "NOACTION"); |
|
420 |
docid = acc.getDocid(); |
|
421 |
} catch (McdbDocNotFoundException e) { |
|
422 |
//ignore |
|
423 |
logMetacat.warn("No local id mapping found for guid: " + id); |
|
424 |
} catch (NumberFormatException e) { |
|
425 |
logMetacat.warn("LocalId could not be parsed for guid: " + id); |
|
426 |
} catch (AccessionNumberException e) { |
|
427 |
logMetacat.warn("LocalId could not be parsed for guid: " + id); |
|
428 |
} |
|
429 |
} else { |
|
430 |
int rev = DBUtil.getLatestRevisionInDocumentTable(id); |
|
431 |
try { |
|
432 |
guid = IdentifierManager.getInstance().getGUID(id, rev); |
|
433 |
} catch (McdbDocNotFoundException e) { |
|
434 |
//ignore |
|
435 |
logMetacat.warn("No guid mapping found for docid: " + id + "." + rev); |
|
436 |
} |
|
437 |
docid = id; |
|
438 |
} |
|
439 | 410 |
|
440 | 411 |
// Bind the values to the query |
441 |
pstmt.setString(1, docid); |
|
442 |
pstmt.setString(2, guid); |
|
443 |
pstmt.setString(3, principalName); |
|
444 |
pstmt.setLong(4, permission); |
|
445 |
pstmt.setString(5, permType); |
|
446 |
pstmt.setString(6, permOrder); |
|
447 |
pstmt.setString(7, accessFileId); |
|
448 |
pstmt.setString(8, subTreeId); |
|
412 |
pstmt.setString(1, guid); |
|
413 |
pstmt.setString(2, principalName); |
|
414 |
pstmt.setLong(3, permission); |
|
415 |
pstmt.setString(4, permType); |
|
416 |
pstmt.setString(5, permOrder); |
|
417 |
pstmt.setString(6, accessFileId); |
|
418 |
pstmt.setString(7, subTreeId); |
|
449 | 419 |
|
450 | 420 |
String sqlReport = "XMLAccessAccess.insertXMLAccess - SQL: " + sql; |
451 |
sqlReport += " [" + docid + "," + guid + "," + principalName + "," + permission + "," + permType + "," + permOrder + "]";
|
|
421 |
sqlReport += " [" + guid + "," + principalName + "," + permission + "," + permType + "," + permOrder + "]"; |
|
452 | 422 |
|
453 | 423 |
logMetacat.info(sqlReport); |
454 | 424 |
|
455 | 425 |
pstmt.execute(); |
456 | 426 |
} catch (SQLException sqle) { |
457 | 427 |
throw new AccessException("XMLAccessAccess.insertXMLAccess - SQL error when inserting" |
458 |
+ "xml access permissions for id: " + id + ", principal: " + |
|
428 |
+ "xml access permissions for id: " + guid + ", principal: " +
|
|
459 | 429 |
principalName + ":" + sqle.getMessage()); |
460 | 430 |
} finally { |
461 | 431 |
closeDBObjects(pstmt, conn, serialNumber, logMetacat); |
... | ... | |
466 | 436 |
* Update existing xml access permissions in the db. The permission value should be the combined |
467 | 437 |
* value of pre-existing permissions plus new permissions. |
468 | 438 |
* |
469 |
* @param id |
|
439 |
* @param guid
|
|
470 | 440 |
* document id |
471 | 441 |
* @param principalName |
472 | 442 |
* principal credentials |
473 | 443 |
* @param permission |
474 | 444 |
* permission bitmap |
475 | 445 |
*/ |
476 |
private void updateXMLAccessPermission(String id, String principalName, Long permission) |
|
446 |
private void updateXMLAccessPermission(String guid, String principalName, Long permission)
|
|
477 | 447 |
throws AccessException { |
478 |
if (id == null) { |
|
448 |
if (guid == null) {
|
|
479 | 449 |
throw new AccessException("XMLAccessAccess.updateXMLAccessPermission - id is required when " + |
480 | 450 |
"updating XML access record"); |
481 | 451 |
} |
... | ... | |
497 | 467 |
serialNumber = conn.getCheckOutSerialNumber(); |
498 | 468 |
|
499 | 469 |
String sql = "UPDATE xml_access SET permission = ?" + |
500 |
"WHERE " + idAttribute + " = ? AND principal_name = ?";
|
|
470 |
"WHERE guid = ? AND principal_name = ?";
|
|
501 | 471 |
pstmt = conn.prepareStatement(sql); |
502 | 472 |
|
503 | 473 |
// Bind the values to the query |
504 | 474 |
pstmt.setLong(1, permission); |
505 |
pstmt.setString(2, id); |
|
475 |
pstmt.setString(2, guid);
|
|
506 | 476 |
pstmt.setString(3, principalName); |
507 | 477 |
|
508 | 478 |
String sqlReport = "XMLAccessAccess.updateXMLAccessPermission - SQL: " + sql; |
509 |
sqlReport += " [" + permission + "," + id + "," + principalName + "]"; |
|
479 |
sqlReport += " [" + permission + "," + guid + "," + principalName + "]";
|
|
510 | 480 |
|
511 | 481 |
logMetacat.info(sqlReport); |
512 | 482 |
|
513 | 483 |
pstmt.execute(); |
514 | 484 |
} catch (SQLException sqle) { |
515 | 485 |
throw new AccessException("XMLAccessAccess.updateXMLAccessPermission - SQL error when updating" |
516 |
+ "xml access permissions for id: " + id + ", principal: " + |
|
486 |
+ "xml access permissions for id: " + guid + ", principal: " +
|
|
517 | 487 |
principalName + ":" + sqle.getMessage()); |
518 | 488 |
} finally { |
519 | 489 |
closeDBObjects(pstmt, conn, serialNumber, logMetacat); |
... | ... | |
526 | 496 |
* for a given document. If the provided permission is exactly the same as what |
527 | 497 |
* the principal has, the record is deleted from the database. |
528 | 498 |
* |
529 |
* @param id |
|
499 |
* @param guid
|
|
530 | 500 |
* document id |
531 | 501 |
* @param principalName |
532 | 502 |
* principal credentials |
533 | 503 |
*/ |
534 |
public void removeXMLAccessForPrincipal(String id, String principalName, Long permission) throws AccessException { |
|
535 |
if (id == null) { |
|
504 |
public void removeXMLAccessForPrincipal(String guid, String principalName, Long permission) throws AccessException {
|
|
505 |
if (guid == null) {
|
|
536 | 506 |
throw new AccessException("XMLAccessAccess.removeXMLAccessForPrincipal - id is required when " + |
537 | 507 |
"removing XML access"); |
538 | 508 |
} |
... | ... | |
545 | 515 |
"updating XML access"); |
546 | 516 |
} |
547 | 517 |
|
548 |
Vector<XMLAccessDAO> xmlAccessList = getXMLAccessForPrincipal(id, principalName); |
|
518 |
Vector<XMLAccessDAO> xmlAccessList = getXMLAccessForPrincipal(guid, principalName);
|
|
549 | 519 |
if (xmlAccessList.size() == 0) { |
550 | 520 |
logMetacat.warn("XMLAccessAccess.removeXMLAccessForPrincipal - attempting to remove access when no " + |
551 |
"access record exists for id: " + id + ", principal: " + principalName); |
|
521 |
"access record exists for id: " + guid + ", principal: " + principalName);
|
|
552 | 522 |
} else { |
553 | 523 |
long permissionMask = 0; |
554 | 524 |
for (XMLAccessDAO xmlAccessDAO : xmlAccessList) { |
... | ... | |
559 | 529 |
// in this case, the only existing permissions are the ones we want to remove, so |
560 | 530 |
// delete the record(s) for this principal on this document |
561 | 531 |
if ((permissionMask & permission) == permission) { |
562 |
deleteXMLAccessForPrincipal(id, principalName); |
|
532 |
deleteXMLAccessForPrincipal(guid, principalName);
|
|
563 | 533 |
} |
564 | 534 |
|
565 | 535 |
if (xmlAccessList.size() > 1) { |
566 | 536 |
|
567 | 537 |
} else { |
568 |
updateXMLAccessPermission(id, principalName, permission); |
|
538 |
updateXMLAccessPermission(guid, principalName, permission);
|
|
569 | 539 |
} |
570 | 540 |
} |
571 | 541 |
|
... | ... | |
577 | 547 |
* @param id |
578 | 548 |
* document id |
579 | 549 |
*/ |
580 |
public void deleteXMLAccessForDoc(String id) throws AccessException { |
|
581 |
if (id == null) { |
|
550 |
public void deleteXMLAccessForDoc(String guid) throws AccessException {
|
|
551 |
if (guid == null) {
|
|
582 | 552 |
throw new AccessException("XMLAccessAccess.deleteXMLAccessForPrincipal - id is required when " + |
583 | 553 |
"deleting XML access record"); |
584 | 554 |
} |
... | ... | |
588 | 558 |
int serialNumber = -1; |
589 | 559 |
try { |
590 | 560 |
|
591 |
String guid = null; |
|
592 |
String docid = null; |
|
593 |
if (idAttribute.equals(GUID)) { |
|
594 |
guid = id; |
|
595 |
try { |
|
596 |
String localId = IdentifierManager.getInstance().getLocalId(id); |
|
597 |
// Parse the localId into scope and rev parts, strip off the rev |
|
598 |
AccessionNumber acc = new AccessionNumber(localId, "NOACTION"); |
|
599 |
docid = acc.getDocid(); |
|
600 |
} catch (McdbDocNotFoundException e) { |
|
601 |
//ignore |
|
602 |
logMetacat.warn("No local id mapping found for guid: " + id); |
|
603 |
} catch (NumberFormatException e) { |
|
604 |
logMetacat.warn("LocalId could not be parsed for guid: " + id); |
|
605 |
} catch (AccessionNumberException e) { |
|
606 |
logMetacat.warn("LocalId could not be parsed for guid: " + id); |
|
607 |
} |
|
608 |
} else { |
|
609 |
int rev = DBUtil.getLatestRevisionInDocumentTable(id); |
|
610 |
try { |
|
611 |
guid = IdentifierManager.getInstance().getGUID(id, rev); |
|
612 |
} catch (McdbDocNotFoundException e) { |
|
613 |
//ignore |
|
614 |
logMetacat.warn("No guid mapping found for docid: " + id + "." + rev); |
|
615 |
} |
|
616 |
docid = id; |
|
617 |
} |
|
618 |
|
|
619 | 561 |
// check out DBConnection |
620 | 562 |
conn = DBConnectionPool.getDBConnection("XMLAccessAccess.deleteXMLAccessForDoc"); |
621 | 563 |
serialNumber = conn.getCheckOutSerialNumber(); |
622 | 564 |
|
623 |
String sql = "DELETE FROM xml_access WHERE docid = ? OR guid = ?";
|
|
565 |
String sql = "DELETE FROM xml_access WHERE guid = ?"; |
|
624 | 566 |
pstmt = conn.prepareStatement(sql); |
625 | 567 |
|
626 | 568 |
// Bind the values to the query |
627 |
pstmt.setString(1, docid); |
|
628 |
pstmt.setString(2, guid); |
|
569 |
pstmt.setString(1, guid); |
|
629 | 570 |
|
630 |
|
|
631 | 571 |
String sqlReport = "XMLAccessAccess.deleteXMLAccessForDoc - SQL: " + sql; |
632 |
sqlReport += " [" + id + "]"; |
|
572 |
sqlReport += " [" + guid + "]";
|
|
633 | 573 |
|
634 | 574 |
logMetacat.info(sqlReport); |
635 | 575 |
|
636 | 576 |
pstmt.execute(); |
637 | 577 |
} catch (SQLException sqle) { |
638 | 578 |
throw new AccessException("XMLAccessAccess.deleteXMLAccessForDoc - SQL error when deleting" |
639 |
+ "xml access permissions for id: " + id + ":" + sqle.getMessage()); |
|
579 |
+ "xml access permissions for id: " + guid + ":" + sqle.getMessage());
|
|
640 | 580 |
} finally { |
641 | 581 |
closeDBObjects(pstmt, conn, serialNumber, logMetacat); |
642 | 582 |
} |
... | ... | |
646 | 586 |
* Delete xml access. This removes all access records from the database for a principal |
647 | 587 |
* for a given document |
648 | 588 |
* |
649 |
* @param id |
|
589 |
* @param guid
|
|
650 | 590 |
* document id |
651 | 591 |
* @param principal |
652 | 592 |
* principal credentials |
653 | 593 |
*/ |
654 |
private void deleteXMLAccessForPrincipal(String id, String principalName) throws AccessException { |
|
655 |
if (id == null) { |
|
594 |
private void deleteXMLAccessForPrincipal(String guid, String principalName) throws AccessException {
|
|
595 |
if (guid == null) {
|
|
656 | 596 |
throw new AccessException("XMLAccessAccess.deleteXMLAccessForPrincipal - id is required when " + |
657 | 597 |
"deleting XML access record"); |
658 | 598 |
} |
... | ... | |
669 | 609 |
conn = DBConnectionPool.getDBConnection("XMLAccessAccess.deleteXMLAccessForPrincipal"); |
670 | 610 |
serialNumber = conn.getCheckOutSerialNumber(); |
671 | 611 |
|
672 |
String sql = "DELETE FROM xml_access WHERE " + idAttribute + " = ? AND principal_name = ?";
|
|
612 |
String sql = "DELETE FROM xml_access WHERE guid = ? AND principal_name = ?";
|
|
673 | 613 |
pstmt = conn.prepareStatement(sql); |
674 | 614 |
|
675 | 615 |
// Bind the values to the query |
676 |
pstmt.setString(1, id); |
|
616 |
pstmt.setString(1, guid);
|
|
677 | 617 |
pstmt.setString(2, principalName); |
678 | 618 |
|
679 | 619 |
String sqlReport = "XMLAccessAccess.deleteXMLAccessForPrincipal - SQL: " + sql; |
680 |
sqlReport += " [" + id + "," + principalName + "]"; |
|
620 |
sqlReport += " [" + guid + "," + principalName + "]";
|
|
681 | 621 |
|
682 | 622 |
logMetacat.info(sqlReport); |
683 | 623 |
|
684 | 624 |
pstmt.execute(); |
685 | 625 |
} catch (SQLException sqle) { |
686 | 626 |
throw new AccessException("XMLAccessAccess.deleteXMLAccessForPrincipal - SQL error when deleting" |
687 |
+ "xml access permissions for id: " + id + ", principal: " + |
|
627 |
+ "xml access permissions for id: " + guid + ", principal: " +
|
|
688 | 628 |
principalName + ":" + sqle.getMessage()); |
689 | 629 |
} finally { |
690 | 630 |
closeDBObjects(pstmt, conn, serialNumber, logMetacat); |
... | ... | |
692 | 632 |
} |
693 | 633 |
|
694 | 634 |
/** |
635 |
* Delete xml access. This removes all access records from the database for a principal |
|
636 |
* for a given document |
|
637 |
* |
|
638 |
* @param guid |
|
639 |
* document id |
|
640 |
* @param principal |
|
641 |
* principal credentials |
|
642 |
*/ |
|
643 |
public void deleteXMLAccessForDoc(String guid, String permType) throws AccessException { |
|
644 |
if (guid == null) { |
|
645 |
throw new AccessException("XMLAccessAccess.deleteXMLAccessForDoc - id is required when " + |
|
646 |
"deleting XML access record"); |
|
647 |
} |
|
648 |
if (permType == null) { |
|
649 |
throw new AccessException("XMLAccessAccess.deleteXMLAccessForDoc - permType is required when " + |
|
650 |
"deleting XML access record"); |
|
651 |
} |
|
652 |
|
|
653 |
PreparedStatement pstmt = null; |
|
654 |
DBConnection conn = null; |
|
655 |
int serialNumber = -1; |
|
656 |
try { |
|
657 |
// check out DBConnection |
|
658 |
conn = DBConnectionPool.getDBConnection("XMLAccessAccess.deleteXMLAccessForDoc"); |
|
659 |
serialNumber = conn.getCheckOutSerialNumber(); |
|
660 |
|
|
661 |
String sql = "DELETE FROM xml_access WHERE guid = ? AND perm_type = ?"; |
|
662 |
pstmt = conn.prepareStatement(sql); |
|
663 |
|
|
664 |
// Bind the values to the query |
|
665 |
pstmt.setString(1, guid); |
|
666 |
pstmt.setString(2, permType); |
|
667 |
|
|
668 |
String sqlReport = "XMLAccessAccess.deleteXMLAccessForDoc - SQL: " + sql; |
|
669 |
sqlReport += " [" + guid + "," + permType + "]"; |
|
670 |
|
|
671 |
logMetacat.info(sqlReport); |
|
672 |
|
|
673 |
pstmt.execute(); |
|
674 |
} catch (SQLException sqle) { |
|
675 |
throw new AccessException("XMLAccessAccess.deleteXMLAccessForDoc - SQL error when deleting" |
|
676 |
+ "xml access permissions for id: " + guid + ", permType: " + |
|
677 |
permType + ":" + sqle.getMessage()); |
|
678 |
} finally { |
|
679 |
closeDBObjects(pstmt, conn, serialNumber, logMetacat); |
|
680 |
} |
|
681 |
} |
|
682 |
|
|
683 |
/** |
|
695 | 684 |
* Checks to see if there is a permission order conflict for a given document. Each |
696 | 685 |
* document is only allowed to have a single permission order |
697 | 686 |
* |
698 |
* @param id |
|
687 |
* @param guid
|
|
699 | 688 |
* document id |
700 | 689 |
* @param principal |
701 | 690 |
* principal credentials |
702 | 691 |
*/ |
703 |
private void permOrderConflict(String id, String permOrder) throws AccessException, PermOrderException { |
|
704 |
if (id == null) { |
|
692 |
private void permOrderConflict(String guid, String permOrder) throws AccessException, PermOrderException {
|
|
693 |
if (guid == null) {
|
|
705 | 694 |
throw new AccessException("XMLAccessAccess.permOrderConflict - id is required when " + |
706 | 695 |
"determining perm order conflict"); |
707 | 696 |
} |
... | ... | |
718 | 707 |
conn = DBConnectionPool.getDBConnection("XMLAccessAccess.permOrderConflict"); |
719 | 708 |
serialNumber = conn.getCheckOutSerialNumber(); |
720 | 709 |
|
721 |
String sql = "SELECT * FROM xml_access WHERE " + idAttribute + " = ? AND perm_order != ?";
|
|
710 |
String sql = "SELECT * FROM xml_access WHERE guid = ? AND perm_order != ?";
|
|
722 | 711 |
pstmt = conn.prepareStatement(sql); |
723 | 712 |
|
724 | 713 |
// Bind the values to the query |
725 |
pstmt.setString(1, id); |
|
714 |
pstmt.setString(1, guid);
|
|
726 | 715 |
pstmt.setString(2, permOrder); |
727 | 716 |
|
728 | 717 |
String sqlReport = "XMLAccessAccess.permOrderConflict - SQL: " + sql; |
729 |
sqlReport += " [" + id + "," + permOrder + "]"; |
|
718 |
sqlReport += " [" + guid + "," + permOrder + "]";
|
|
730 | 719 |
|
731 | 720 |
logMetacat.info(sqlReport); |
732 | 721 |
|
... | ... | |
735 | 724 |
ResultSet resultSet = pstmt.getResultSet(); |
736 | 725 |
if (resultSet.next()) { |
737 | 726 |
throw new PermOrderException("XMLAccessAccess.addXMLAccess - cannot add permission " + |
738 |
"record for id: " + id + "with permOrder: " + permOrder + " due to permOrder conflict"); |
|
727 |
"record for id: " + guid + "with permOrder: " + permOrder + " due to permOrder conflict");
|
|
739 | 728 |
} |
740 | 729 |
} catch (SQLException sqle) { |
741 | 730 |
throw new AccessException("XMLAccessAccess.permOrderConflict - SQL error when checking" |
742 |
+ "for perm order conflict on: " + id + ":" + sqle.getMessage()); |
|
731 |
+ "for perm order conflict on: " + guid + ":" + sqle.getMessage());
|
|
743 | 732 |
} finally { |
744 | 733 |
closeDBObjects(pstmt, conn, serialNumber, logMetacat); |
745 | 734 |
} |
... | ... | |
750 | 739 |
* Delete xml access. This removes all access records from the database for a principal |
751 | 740 |
* for a given document, perm type and perm order |
752 | 741 |
* |
753 |
* @param id |
|
742 |
* @param guid
|
|
754 | 743 |
* document id |
755 | 744 |
* @param principal |
756 | 745 |
* principal credentials |
757 | 746 |
*/ |
758 |
private void deleteXMLAccessForPrincipal(String id, String principalName, String permType, String permOrder) throws AccessException { |
|
759 |
if (id == null) { |
|
747 |
private void deleteXMLAccessForPrincipal(String guid, String principalName, String permType, String permOrder) throws AccessException {
|
|
748 |
if (guid == null) {
|
|
760 | 749 |
throw new AccessException("XMLAccessAccess.deleteXMLAccessForPrincipal - id is required when " + |
761 | 750 |
"deleting XML access record"); |
762 | 751 |
} |
... | ... | |
783 | 772 |
conn = DBConnectionPool.getDBConnection("XMLAccessAccess.deleteXMLAccessForPrincipal"); |
784 | 773 |
serialNumber = conn.getCheckOutSerialNumber(); |
785 | 774 |
|
786 |
String sql = "DELETE FROM xml_access WHERE " + idAttribute + " = ? AND principal_name = ? " +
|
|
775 |
String sql = "DELETE FROM xml_access WHERE guid = ? AND principal_name = ? " +
|
|
787 | 776 |
"AND perm_type = ? AND perm_order = ?"; |
788 | 777 |
pstmt = conn.prepareStatement(sql); |
789 | 778 |
|
790 | 779 |
// Bind the values to the query |
791 |
pstmt.setString(1, id); |
|
780 |
pstmt.setString(1, guid);
|
|
792 | 781 |
pstmt.setString(2, principalName); |
793 | 782 |
pstmt.setString(3, permType); |
794 | 783 |
pstmt.setString(4, permOrder); |
795 | 784 |
|
796 | 785 |
String sqlReport = "XMLAccessAccess.deleteXMLAccessForPrincipal - SQL: " + sql; |
797 |
sqlReport += " [" + id + "," + principalName + "," + permType + "," + permOrder + "]"; |
|
786 |
sqlReport += " [" + guid + "," + principalName + "," + permType + "," + permOrder + "]";
|
|
798 | 787 |
|
799 | 788 |
logMetacat.info(sqlReport); |
800 | 789 |
|
801 | 790 |
pstmt.execute(); |
802 | 791 |
} catch (SQLException sqle) { |
803 | 792 |
throw new AccessException("XMLAccessAccess.deleteXMLAccessForPrincipal - SQL error when deleting" |
804 |
+ "xml access permissions for id: " + id + ", principal: " + |
|
793 |
+ "xml access permissions for id: " + guid + ", principal: " +
|
|
805 | 794 |
principalName + ":" + sqle.getMessage()); |
806 | 795 |
} finally { |
807 | 796 |
closeDBObjects(pstmt, conn, serialNumber, logMetacat); |
... | ... | |
822 | 811 |
int numDenyRecords = 0; |
823 | 812 |
long allowPermissionMask = 0; |
824 | 813 |
long denyPermissionMask = 0; |
825 |
String id = null; |
|
814 |
String guid = null;
|
|
826 | 815 |
String principalName = null; |
827 | 816 |
String permType = null; |
828 | 817 |
String permOrder = null; |
... | ... | |
834 | 823 |
// iterate through the list of access dao objects and bttwise or the permissions. Most |
835 | 824 |
// of this is just doing some error checking to make sure each record is valid. |
836 | 825 |
for (XMLAccessDAO xmlAccessDAO : xmlAccessList) { |
837 |
String daoId = xmlAccessDAO.getDocId(); |
|
838 |
if (idAttribute.equals(GUID)) { |
|
839 |
daoId = xmlAccessDAO.getGuid(); |
|
840 |
} |
|
841 |
if (id == null) { |
|
842 |
id = daoId; |
|
826 |
String daoId = xmlAccessDAO.getGuid(); |
|
827 |
if (guid == null) { |
|
828 |
guid = daoId; |
|
843 | 829 |
} else { |
844 |
if (!id.equals(daoId)) { |
|
830 |
if (!guid.equals(daoId)) {
|
|
845 | 831 |
throw new AccessException("XMLAccessAccess.cleanupXMLAccessForPrincipal - " + |
846 |
" Conflicting ids " + daoId + " and " + id); |
|
832 |
" Conflicting ids " + daoId + " and " + guid);
|
|
847 | 833 |
} |
848 | 834 |
} |
849 | 835 |
if (principalName == null) { |
... | ... | |
900 | 886 |
// if there was more than one allow record, remove all allow records for this user on this doc |
901 | 887 |
// with this perm type and perm order then insert a single record |
902 | 888 |
if (numAllowRecords > 1) { |
903 |
deleteXMLAccessForPrincipal(id, principalName, AccessControlInterface.ALLOW, permOrder); |
|
904 |
insertXMLAccess(id, principalName, allowPermissionMask, AccessControlInterface.ALLOW, permOrder, accessFileId, subTreeId); |
|
889 |
deleteXMLAccessForPrincipal(guid, principalName, AccessControlInterface.ALLOW, permOrder);
|
|
890 |
insertXMLAccess(guid, principalName, allowPermissionMask, AccessControlInterface.ALLOW, permOrder, accessFileId, subTreeId);
|
|
905 | 891 |
} |
906 | 892 |
// if there was more than one deny record, remove all deny records for this user on this doc |
907 | 893 |
// with this perm type and perm order then insert a single record |
908 | 894 |
if (numDenyRecords > 1) { |
909 |
deleteXMLAccessForPrincipal(id, principalName, AccessControlInterface.DENY, permOrder); |
|
910 |
insertXMLAccess(id, principalName, denyPermissionMask, AccessControlInterface.DENY, permOrder, accessFileId, subTreeId); |
|
895 |
deleteXMLAccessForPrincipal(guid, principalName, AccessControlInterface.DENY, permOrder);
|
|
896 |
insertXMLAccess(guid, principalName, denyPermissionMask, AccessControlInterface.DENY, permOrder, accessFileId, subTreeId);
|
|
911 | 897 |
} |
912 | 898 |
} |
913 | 899 |
|
... | ... | |
921 | 907 |
private void validateDocXMLAccessList(Vector<XMLAccessDAO> xmlAccessList) throws PermOrderException { |
922 | 908 |
String permOrder = null; |
923 | 909 |
for(XMLAccessDAO xmlAccessDAO : xmlAccessList) { |
924 |
String daoId = xmlAccessDAO.getDocId(); |
|
925 |
if (idAttribute.equals(GUID)) { |
|
926 |
daoId = xmlAccessDAO.getGuid(); |
|
927 |
} |
|
910 |
String daoId = xmlAccessDAO.getGuid(); |
|
928 | 911 |
if (permOrder == null) { |
929 | 912 |
permOrder = xmlAccessDAO.getPermOrder(); |
930 | 913 |
} else { |
... | ... | |
949 | 932 |
|
950 | 933 |
boolean allowFirst = false; |
951 | 934 |
boolean denyFirst = false; |
952 |
String id = null; |
|
935 |
String guid = null;
|
|
953 | 936 |
|
954 | 937 |
// These vectors will hold all combinations of access DAOs with different permission |
955 | 938 |
// orders and permission types. |
... | ... | |
960 | 943 |
|
961 | 944 |
// sort the access dao records into the appropriate vector |
962 | 945 |
for(XMLAccessDAO xmlAccessDAO : xmlAccessList) { |
963 |
String daoId = xmlAccessDAO.getDocId();
|
|
964 |
if (idAttribute.equals(GUID)) {
|
|
965 |
daoId = xmlAccessDAO.getGuid();
|
|
946 |
String daoId = xmlAccessDAO.getGuid();
|
|
947 |
if (guid == null) {
|
|
948 |
guid = daoId;
|
|
966 | 949 |
} |
967 |
if (id == null) { |
|
968 |
id = daoId; |
|
969 |
} |
|
970 | 950 |
if (xmlAccessDAO.getPermOrder().equals(AccessControlInterface.ALLOWFIRST)) { |
971 | 951 |
allowFirst = true; |
972 | 952 |
if (xmlAccessDAO.getPermType().equals(AccessControlInterface.ALLOW)) { |
... | ... | |
1000 | 980 |
// document |
1001 | 981 |
if(allowFirst && denyFirst) { |
1002 | 982 |
throw new PermOrderException("XMLAccessAccess.validatePrincipalXMLAccessList - " + |
1003 |
" Conflicting permission orders for document " + id + |
|
983 |
" Conflicting permission orders for document " + guid +
|
|
1004 | 984 |
". Database intervention required "); |
1005 | 985 |
} |
1006 | 986 |
} |
... | ... | |
1015 | 995 |
protected XMLAccessDAO populateDAO(ResultSet resultSet) throws SQLException { |
1016 | 996 |
|
1017 | 997 |
XMLAccessDAO xmlAccessDAO = new XMLAccessDAO(); |
1018 |
xmlAccessDAO.setDocId(resultSet.getString(idAttribute));
|
|
998 |
xmlAccessDAO.setGuid(resultSet.getString("guid"));
|
|
1019 | 999 |
xmlAccessDAO.setAccessFileId(resultSet.getString("accessfileid")); |
1020 | 1000 |
xmlAccessDAO.setPrincipalName(resultSet.getString("principal_name")); |
1021 | 1001 |
xmlAccessDAO.setPermission(resultSet.getLong("permission")); |
src/edu/ucsb/nceas/metacat/accesscontrol/XMLAccessDAO.java | ||
---|---|---|
39 | 39 |
*/ |
40 | 40 |
public class XMLAccessDAO extends BaseDAO { |
41 | 41 |
|
42 |
private String _docId = null; |
|
43 | 42 |
private String _guid = null; |
44 | 43 |
private String _accessFileId = null; |
45 | 44 |
private String _principalName = null; |
... | ... | |
52 | 51 |
private String _subTreeId = null; |
53 | 52 |
private String _startNodeId = null; |
54 | 53 |
private String _endNodeId = null; |
55 |
|
|
56 |
public String getDocId() { |
|
57 |
return _docId; |
|
58 |
} |
|
59 | 54 |
|
60 |
public void setDocId(String docId) { |
|
61 |
if (docId != null && docId.equals("")) { |
|
62 |
docId = null; |
|
63 |
} else { |
|
64 |
_docId = docId; |
|
65 |
} |
|
66 |
} |
|
67 |
|
|
68 | 55 |
public String getGuid() { |
69 | 56 |
return _guid; |
70 | 57 |
} |
src/edu/ucsb/nceas/metacat/accesscontrol/AccessControlForSingleFile.java | ||
---|---|---|
42 | 42 |
import org.xml.sax.XMLReader; |
43 | 43 |
import org.xml.sax.helpers.XMLReaderFactory; |
44 | 44 |
|
45 |
import edu.ucsb.nceas.metacat.DBUtil; |
|
45 | 46 |
import edu.ucsb.nceas.metacat.DocInfoHandler; |
47 |
import edu.ucsb.nceas.metacat.IdentifierManager; |
|
48 |
import edu.ucsb.nceas.metacat.McdbDocNotFoundException; |
|
46 | 49 |
import edu.ucsb.nceas.metacat.McdbException; |
47 | 50 |
import edu.ucsb.nceas.metacat.PermissionController; |
48 | 51 |
import edu.ucsb.nceas.metacat.database.DBConnection; |
... | ... | |
61 | 64 |
public class AccessControlForSingleFile implements AccessControlInterface |
62 | 65 |
{ |
63 | 66 |
|
64 |
private String _docId; |
|
67 |
private String _guid; |
|
68 |
|
|
65 | 69 |
private Logger logMetacat = Logger.getLogger(AccessControlForSingleFile.class); |
66 |
|
|
67 | 70 |
|
68 | 71 |
/** |
69 | 72 |
* Construct an instance of the AccessControlForSingleFile class. This |
... | ... | |
75 | 78 |
public AccessControlForSingleFile(String accessionNumber) |
76 | 79 |
throws AccessControlException { |
77 | 80 |
|
78 |
// Get rid of dev if myaccessNumber has one; |
|
79 |
_docId = DocumentUtil.getDocIdFromString(accessionNumber); |
|
80 |
if (_docId == null || _docId.equals("")) { |
|
81 |
throw new AccessControlException("AccessControlForSingleFile() - Accession number " |
|
82 |
+ "can't be null in constructor"); |
|
81 |
// this is a local metacat id |
|
82 |
String docid = DocumentUtil.getDocIdFromString(accessionNumber); |
|
83 |
// get the revision |
|
84 |
String revision = DocumentUtil.getRevisionStringFromString(accessionNumber); |
|
85 |
int rev = -1; |
|
86 |
if (revision != null) { |
|
87 |
// we were given it |
|
88 |
rev = Integer.valueOf(revision); |
|
89 |
} else { |
|
90 |
// look up the latest |
|
91 |
try { |
|
92 |
rev = DBUtil.getLatestRevisionInDocumentTable(docid); |
|
93 |
} catch (SQLException e) { |
|
94 |
AccessControlException ace = new AccessControlException(e.getMessage()); |
|
95 |
ace.initCause(e); |
|
96 |
throw ace; |
|
97 |
} |
|
98 |
if (rev <= 0) { |
|
99 |
// look in the revisions table |
|
100 |
try { |
|
101 |
rev = DBUtil.getMaxRevFromRevisionTable(docid); |
|
102 |
} catch (SQLException e) { |
|
103 |
AccessControlException ace = new AccessControlException(e.getMessage()); |
|
104 |
ace.initCause(e); |
|
105 |
throw ace; |
|
106 |
} |
|
107 |
} |
|
83 | 108 |
} |
109 |
|
|
110 |
// find the guid for this docid.rev |
|
111 |
try { |
|
112 |
_guid = IdentifierManager.getInstance().getGUID(docid, rev); |
|
113 |
} catch (McdbDocNotFoundException e) { |
|
114 |
AccessControlException ace = new AccessControlException(e.getMessage()); |
|
115 |
ace.initCause(e); |
|
116 |
throw ace; |
|
117 |
} |
|
118 |
|
|
119 |
// couldn't find it? |
|
120 |
if (_guid == null || _guid.equals("")) { |
|
121 |
throw new AccessControlException("Guid cannot be null"); |
|
122 |
} |
|
84 | 123 |
|
85 |
logMetacat.debug("AccessControlForSingleFile() - docid: " + _docId);
|
|
124 |
logMetacat.debug("AccessControlForSingleFile() - docid: " + _guid);
|
|
86 | 125 |
} |
87 | 126 |
|
88 | 127 |
/** |
... | ... | |
118 | 157 |
// doc id. |
119 | 158 |
XMLAccessAccess xmlAccessAccess = new XMLAccessAccess(); |
120 | 159 |
//System.out.println("permission in accessControlForSingleFile.insertPermissions: " + permission); |
121 |
xmlAccessAccess.addXMLAccess(_docId, principalName, new Long(permission), permType, permOrder, accessFileId, subTreeId);
|
|
160 |
xmlAccessAccess.addXMLAccess(_guid, principalName, new Long(permission), permType, permOrder, accessFileId, subTreeId);
|
|
122 | 161 |
} catch (AccessException ae) { |
123 | 162 |
throw new AccessControlException("AccessControlForSingleFile.insertPermissions - " |
124 | 163 |
+ "DB access error when inserting permissions: " + ae.getMessage()); |
... | ... | |
137 | 176 |
try { |
138 | 177 |
// use DocInfoHandler to parse the access section into DAO objects |
139 | 178 |
XMLReader parser = null; |
140 |
DocInfoHandler docInfoHandler = new DocInfoHandler(_docId);
|
|
179 |
DocInfoHandler docInfoHandler = new DocInfoHandler(_guid);
|
|
141 | 180 |
ContentHandler chandler = docInfoHandler; |
142 | 181 |
|
143 | 182 |
// Get an instance of the parser |
... | ... | |
155 | 194 |
|
156 | 195 |
// replace all access on the document |
157 | 196 |
Vector<XMLAccessDAO> accessControlList = docInfoHandler.getAccessControlList(); |
158 |
xmlAccessAccess.replaceAccess(_docId, accessControlList);
|
|
197 |
xmlAccessAccess.replaceAccess(_guid, accessControlList);
|
|
159 | 198 |
|
160 | 199 |
} catch (PropertyNotFoundException pnfe) { |
161 | 200 |
throw new AccessControlException("AccessControlForSingleFile.insertPermissions - " |
... | ... | |
199 | 238 |
"AND perm_order = ? "); |
200 | 239 |
|
201 | 240 |
// Bind the values to the query |
202 |
pstmt.setString(1, _docId);
|
|
241 |
pstmt.setString(1, _guid);
|
|
203 | 242 |
pstmt.setString(2, xmlAccessDAO.getPrincipalName()); |
204 | 243 |
pstmt.setLong(3, xmlAccessDAO.getPermission()); |
205 | 244 |
pstmt.setString(4, xmlAccessDAO.getPermType()); |
... | ... | |
246 | 285 |
try { |
247 | 286 |
hasPermission = isOwned(user); |
248 | 287 |
if (!hasPermission) { |
249 |
PermissionController controller = new PermissionController(_docId);
|
|
288 |
PermissionController controller = new PermissionController(_guid);
|
|
250 | 289 |
hasPermission = |
251 | 290 |
controller.hasPermission(user, groups, READSTRING); |
252 | 291 |
} |
... | ... | |
257 | 296 |
if (hasPermission) { |
258 | 297 |
// Get a list of all access dao objects for this docid |
259 | 298 |
XMLAccessAccess xmlAccessAccess = new XMLAccessAccess(); |
260 |
Vector<XMLAccessDAO> xmlAccessDAOList = xmlAccessAccess.getXMLAccessForDoc(_docId);
|
|
299 |
Vector<XMLAccessDAO> xmlAccessDAOList = xmlAccessAccess.getXMLAccessForDoc(_guid);
|
|
261 | 300 |
output.append(getAccessString(xmlAccessDAOList)); |
262 | 301 |
} else { |
263 | 302 |
output.append(getAccessString(new Vector<XMLAccessDAO>())); |
... | ... | |
288 | 327 |
try { |
289 | 328 |
// Get a list of all access dao objects for this docid |
290 | 329 |
XMLAccessAccess xmlAccessAccess = new XMLAccessAccess(); |
291 |
xmlAccessDAOList = xmlAccessAccess.getXMLAccessForDoc(_docId);
|
|
330 |
xmlAccessDAOList = xmlAccessAccess.getXMLAccessForDoc(_guid);
|
|
292 | 331 |
} catch (AccessException ae) { |
293 | 332 |
throw new AccessControlException("AccessControlForSingleFile.getAccessString() - DB access error when " + |
294 | 333 |
"getting access string: " + ae.getMessage()); |
... | ... | |
324 | 363 |
subtreeid = xmlAccessDAOList.get(0).getSubTreeId(); |
325 | 364 |
} |
326 | 365 |
|
327 |
output.append("<access authSystem=\"knb\" order=\"" + permOrder + "\" id=\"" + _docId + "\" scope=\"document\"");
|
|
366 |
output.append("<access authSystem=\"knb\" order=\"" + permOrder + "\" id=\"" + _guid + "\" scope=\"document\"");
|
|
328 | 367 |
if (accessfileid != null) { |
329 | 368 |
output.append(" accessfileid=\"" + accessfileid + "\""); |
330 | 369 |
} |
... | ... | |
398 | 437 |
serialNumber = conn.getCheckOutSerialNumber(); |
399 | 438 |
pstmt = conn.prepareStatement("SELECT 'x' FROM xml_documents " |
400 | 439 |
+ "WHERE docid = ? " + "AND user_owner = ?"); |
401 |
pstmt.setString(1, _docId);
|
|
440 |
pstmt.setString(1, _guid);
|
|
402 | 441 |
pstmt.setString(2, user); |
403 | 442 |
pstmt.execute(); |
404 | 443 |
ResultSet rs = pstmt.getResultSet(); |
src/edu/ucsb/nceas/metacat/clientview/ClientViewHelper.java | ||
---|---|---|
15 | 15 |
import com.oreilly.servlet.multipart.Part; |
16 | 16 |
|
17 | 17 |
import edu.ucsb.nceas.metacat.DocInfoHandler; |
18 |
import edu.ucsb.nceas.metacat.IdentifierManager; |
|
19 |
import edu.ucsb.nceas.metacat.McdbDocNotFoundException; |
|
18 | 20 |
import edu.ucsb.nceas.metacat.accesscontrol.AccessControlException; |
19 | 21 |
import edu.ucsb.nceas.metacat.accesscontrol.AccessControlForSingleFile; |
20 | 22 |
import edu.ucsb.nceas.metacat.accesscontrol.AccessControlInterface; |
... | ... | |
505 | 507 |
} |
506 | 508 |
|
507 | 509 |
private String setPublicAccess(String permissionType, String metaDocId, Stack docIdStack) |
508 |
throws InsufficientKarmaException, MetacatException, MetacatInaccessibleException, AccessControlException{ |
|
510 |
throws InsufficientKarmaException, MetacatException, MetacatInaccessibleException, AccessControlException, McdbDocNotFoundException{
|
|
509 | 511 |
String result = " for Documents "; |
510 | 512 |
String docId, lst = metaDocId, permOrder; |
511 | 513 |
|
... | ... | |
534 | 536 |
* Second, remove all access rules of the user public, then add the new rules. |
535 | 537 |
*/ |
536 | 538 |
private void setPublicReadAccess(String permissionType, String docid) |
537 |
throws InsufficientKarmaException, MetacatException, MetacatInaccessibleException, AccessControlException{ |
|
539 |
throws InsufficientKarmaException, MetacatException, MetacatInaccessibleException, AccessControlException, McdbDocNotFoundException{
|
|
538 | 540 |
String originalAccessBlock = getMetacatClient().getAccessControl(docid); |
539 | 541 |
Vector<XMLAccessDAO> accessList = parseAccessXMLBlock(docid, originalAccessBlock); |
540 | 542 |
if(accessList != null && !accessList.isEmpty()) { |
... | ... | |
607 | 609 |
* Populate xmlAccessDAO object with the some parameters. |
608 | 610 |
*/ |
609 | 611 |
private XMLAccessDAO generateXMLAccessDAO(String docid, String principalName, |
610 |
String permission, String permType, String permOrder) { |
|
611 |
String identifier = DocumentUtil.getDocIdFromString(docid); |
|
612 |
String permission, String permType, String permOrder) throws McdbDocNotFoundException { |
|
613 |
String localId = DocumentUtil.getDocIdFromString(docid); |
|
614 |
int rev = DocumentUtil.getRevisionFromAccessionNumber(docid); |
|
615 |
String identifier = IdentifierManager.getInstance().getGUID(localId, rev); |
|
612 | 616 |
XMLAccessDAO xmlAccessDAO = new XMLAccessDAO(); |
613 |
xmlAccessDAO.setDocId(identifier);
|
|
617 |
xmlAccessDAO.setGuid(identifier);
|
|
614 | 618 |
xmlAccessDAO.setPrincipalName(principalName); |
615 | 619 |
xmlAccessDAO.setPermission(Integer.valueOf(AccessControlList.intValue(permission)).longValue()); |
616 | 620 |
xmlAccessDAO.setPermType(permType); |
src/edu/ucsb/nceas/metacat/PermissionController.java | ||
---|---|---|
53 | 53 |
|
54 | 54 |
public class PermissionController |
55 | 55 |
{ |
56 |
private String docId = null; |
|
56 |
// private String docId = null; |
|
57 |
// private int rev = -1; |
|
58 |
|
|
59 |
private String guid = null; |
|
60 |
|
|
57 | 61 |
private boolean hasSubTreeAccessControl = false; // flag if has a subtree |
58 | 62 |
// access for this docid |
59 | 63 |
private Vector subTreeList = new Vector(); |
... | ... | |
64 | 68 |
private static Logger logMetacat = Logger.getLogger(PermissionController.class); |
65 | 69 |
|
66 | 70 |
/** |
67 |
* Constructor for PermissionController |
|
68 |
* @param myDocid the docid need to access |
|
69 |
*/ |
|
70 |
public PermissionController(String myDocid) throws McdbException |
|
71 |
{ |
|
72 |
// Get rid of rev number |
|
73 |
docId = DocumentUtil.getSmartDocId(myDocid); |
|
74 |
//hasSubTreeAccessControl = checkSubTreeAccessControl(); |
|
75 |
} |
|
71 |
* Constructor for PermissionController |
|
72 |
* |
|
73 |
* @param myDocid the docid need to access |
|
74 |
*/ |
|
75 |
public PermissionController(String myDocid) throws McdbException { |
|
76 | 76 |
|
77 |
/** |
|
78 |
* Constructor for PermssionController |
|
79 |
* @param myDocid String |
|
80 |
* @param needDeleteRev boolean |
|
81 |
*/ |
|
82 |
public PermissionController(String myDocid, boolean needDeleteRevFromDocid) |
|
83 |
{ |
|
84 |
if (!needDeleteRevFromDocid) |
|
85 |
{ |
|
86 |
docId = myDocid; |
|
87 |
} |
|
88 |
else |
|
89 |
{ |
|
90 |
docId = DocumentUtil.getDocIdFromAccessionNumber(myDocid); |
|
91 |
} |
|
92 |
} |
|
77 |
// find the guid if we can |
|
78 |
String docId = null; |
|
79 |
int rev = -1; |
|
93 | 80 |
|
81 |
// get the parts |
|
82 |
docId = DocumentUtil.getSmartDocId(myDocid); |
|
83 |
rev = DocumentUtil.getRevisionFromAccessionNumber(myDocid); |
|
84 |
|
|
85 |
// this is what we really want |
|
86 |
guid = IdentifierManager.getInstance().getGUID(docId, rev); |
|
87 |
|
|
88 |
} |
|
89 |
|
|
94 | 90 |
/** |
95 | 91 |
* Return if a document has subtree access control |
96 | 92 |
*/ |
... | ... | |
147 | 143 |
//if the requested document is access documents and requested permission |
148 | 144 |
//is "write", the user should have "all" right |
149 | 145 |
|
150 |
if (isAccessDocument(docId) && (permission == AccessControlInterface.WRITE))
|
|
146 |
if (isAccessDocument() && (permission == AccessControlInterface.WRITE)) |
|
151 | 147 |
{ |
152 | 148 |
|
153 |
hasPermission = hasPermission(userPackage,docId, 7);// 7 is all permission
|
|
149 |
hasPermission = hasPermission(userPackage, 7);// 7 is all permission |
|
154 | 150 |
}//if |
155 | 151 |
else //in other situation, just check the request permission |
156 | 152 |
{ |
157 | 153 |
// Check for @permission on @docid for @user and/or @groups |
158 |
hasPermission = hasPermission(userPackage,docId, permission);
|
|
154 |
hasPermission = hasPermission(userPackage, permission); |
|
159 | 155 |
}//else |
160 | 156 |
|
161 | 157 |
return hasPermission; |
... | ... | |
169 | 165 |
* @param docid, document identifier to check on |
170 | 166 |
* @param permission, permission (write or all...) to check for |
171 | 167 |
*/ |
172 |
private boolean hasPermission(String [] principals, String docId, |
|
173 |
int permission) |
|
168 |
private boolean hasPermission(String [] principals, int permission) |
|
174 | 169 |
throws SQLException |
175 | 170 |
{ |
176 | 171 |
long startId = TOPLEVELSTARTNODEID;// this is for top level, so startid is 0 |
... | ... | |
178 | 173 |
{ |
179 | 174 |
//first, if there is a docid owner in user package, return true |
180 | 175 |
//because doc owner has all permssion |
181 |
if (containDocumentOwner(principals, docId))
|
|
176 |
if (containDocumentOwner(principals)) |
|
182 | 177 |
{ |
183 | 178 |
|
184 | 179 |
return true; |
... | ... | |
186 | 181 |
|
187 | 182 |
//If there is no owner in user package, checking the table |
188 | 183 |
//check perm_order |
189 |
if (isAllowFirst(principals, docId, startId))
|
|
184 |
if (isAllowFirst(principals, startId)) |
|
190 | 185 |
{ |
191 | 186 |
|
192 |
if (hasExplicitDenyRule(principals, docId, permission, startId))
|
|
187 |
if (hasExplicitDenyRule(principals, permission, startId)) |
|
193 | 188 |
{ |
194 | 189 |
//if it is allowfirst and has deny rule(either explicit ) |
195 | 190 |
//deny access |
196 | 191 |
|
197 | 192 |
return false; |
198 | 193 |
}//if |
199 |
else if ( hasAllowRule(principals, docId, permission, startId))
|
|
194 |
else if ( hasAllowRule(principals, permission, startId)) |
|
200 | 195 |
{ |
201 | 196 |
//if it is allowfirst and hasn't deny rule and has allow rule |
202 | 197 |
//allow access |
... | ... | |
212 | 207 |
}//if isAllowFirst |
213 | 208 |
else //denyFirst |
214 | 209 |
{ |
215 |
if (hasAllowRule(principals, docId, permission, startId))
|
|
210 |
if (hasAllowRule(principals, permission, startId)) |
|
216 | 211 |
{ |
217 | 212 |
//if it is denyFirst and has allow rule, allow access |
218 | 213 |
return true; |
... | ... | |
251 | 246 |
// from inlinedataId directly. You should get it from eml document itself |
252 | 247 |
String []userPackage = createUsersPackage(user, groups); |
253 | 248 |
try { |
254 |
if (containDocumentOwner(userPackage, docId))
|
|
249 |
if (containDocumentOwner(userPackage)) |
|
255 | 250 |
{ |
256 | 251 |
return true; |
257 | 252 |
} |
258 | 253 |
else |
259 | 254 |
{ |
260 |
PermissionController controller = |
|
261 |
new PermissionController(inlineDataId, false); |
|
255 |
// is a funky inline data id with the extra part, so we set it manually |
|
256 |
PermissionController controller = new PermissionController(guid); |
|
257 |
controller.guid = inlineDataId; |
|
262 | 258 |
return controller.hasPermission(user, groups, myPermission); |
263 | 259 |
} |
264 | 260 |
} catch (SQLException e) { |
... | ... | |
318 | 314 |
//for the document owner return null(no unaccessable subtree) |
319 | 315 |
try |
320 | 316 |
{ |
321 |
if (containDocumentOwner(principals, docId))
|
|
317 |
if (containDocumentOwner(principals)) |
|
322 | 318 |
{ |
323 | 319 |
return resultUnaccessableSubTree; |
324 | 320 |
} |
... | ... | |
337 | 333 |
|
338 | 334 |
try |
339 | 335 |
{ |
340 |
if (isAllowFirst(principals, docId, startId))
|
|
336 |
if (isAllowFirst(principals, startId)) |
|
341 | 337 |
{ |
342 | 338 |
|
343 |
if (hasExplicitDenyRule(principals, docId, permission, startId ))
|
|
339 |
if (hasExplicitDenyRule(principals, permission, startId )) |
|
344 | 340 |
{ |
345 | 341 |
|
346 | 342 |
//if it is allowfirst and has deny rule |
... | ... | |
350 | 346 |
resultUnaccessableSubTree.put(new Long(startId), tree); |
351 | 347 |
} |
352 | 348 |
}//if |
353 |
else if ( hasAllowRule(principals, docId, permission, startId))
|
|
349 |
else if ( hasAllowRule(principals, permission, startId)) |
|
354 | 350 |
{ |
355 | 351 |
//if it is allowfirst and hasn't deny rule and has allow rule |
356 | 352 |
//allow access do nothing |
... | ... | |
368 | 364 |
}//if isAllowFirst |
369 | 365 |
else //denyFirst |
370 | 366 |
{ |
371 |
if (hasAllowRule(principals, docId, permission,startId))
|
|
367 |
if (hasAllowRule(principals, permission,startId)) |
|
372 | 368 |
{ |
373 | 369 |
//if it is denyFirst and has allow rule, allow access, do nothing |
374 | 370 |
|
... | ... | |
463 | 459 |
* @param docId, |
464 | 460 |
* the document id need to be checked |
465 | 461 |
*/ |
466 |
private boolean isAccessDocument(String docId) throws SQLException { |
|
467 |
// detele the rev number if docid contains it |
|
462 |
private boolean isAccessDocument() throws SQLException { |
Also available in: Unified diff
refactor Metacat access handling to be on a per-revision basis so that it more closely aligns with the DataONE approach
http://bugzilla.ecoinformatics.org/show_bug.cgi?id=5560