Revision 6744
Added by ben leinfelder over 12 years ago
Eml200SAXHandler.java | ||
---|---|---|
337 | 337 |
// Get the unchangable subtrees (user doesn't have write permission) |
338 | 338 |
try |
339 | 339 |
{ |
340 |
PermissionController control = new PermissionController(docid |
|
341 |
+ PropertyService.getProperty("document.accNumSeparator") + revision); |
|
342 |
//unChangableSubTreeHash = getUnchangableSubTree(control, user, |
|
343 |
// groups); |
|
344 | 340 |
|
345 |
// If the action is update and user doesn't have "ALL" permission |
|
346 |
// we need to check if user update access subtree |
|
347 |
if (action != null && action.equals("UPDATE") |
|
348 |
&& !control.hasPermission(user, groups, |
|
349 |
AccessControlInterface.ALLSTRING) |
|
350 |
&& !AuthUtil.isAdministrator(user, groups)) |
|
351 |
{ |
|
352 |
needToCheckAccessModule = true; |
|
353 |
topAccessSubTreeFromDB = getTopAccessSubTreeFromDB(); |
|
354 |
additionalAccessSubTreeListFromDB = |
|
355 |
getAdditionalAccessSubTreeListFromDB(); |
|
356 |
referencedAccessSubTreeListFromDB = |
|
357 |
getReferencedAccessSubTreeListFromDB(); |
|
358 |
} |
|
359 |
|
|
360 | 341 |
//Here is for data object checking. |
361 |
if (action != null && action.equals("UPDATE")) |
|
362 |
{ |
|
342 |
if (action != null && action.equals("UPDATE")) { |
|
343 |
|
|
344 |
// we need to check if user can update access subtree |
|
345 |
int latestRevision = DBUtil.getLatestRevisionInDocumentTable(docid); |
|
346 |
String previousDocid = |
|
347 |
docid + PropertyService.getProperty("document.accNumSeparator") + latestRevision; |
|
348 |
|
|
349 |
PermissionController control = new PermissionController(previousDocid); |
|
350 |
|
|
351 |
// If the action is update and user doesn't have "ALL" permission |
|
352 |
// we need to check if user update access subtree |
|
353 |
if ( !control.hasPermission(user, groups, AccessControlInterface.ALLSTRING) |
|
354 |
&& !AuthUtil.isAdministrator(user, groups)) { |
|
355 |
|
|
356 |
needToCheckAccessModule = true; |
|
357 |
topAccessSubTreeFromDB = getTopAccessSubTreeFromDB(); |
|
358 |
additionalAccessSubTreeListFromDB = |
|
359 |
getAdditionalAccessSubTreeListFromDB(); |
|
360 |
referencedAccessSubTreeListFromDB = |
|
361 |
getReferencedAccessSubTreeListFromDB(); |
|
362 |
} |
|
363 |
|
|
363 | 364 |
//info about inline data object which user doesn't have read |
364 | 365 |
//permission the info come from xml_access table |
365 | 366 |
previousUnreadableInlineDataObjectHash = PermissionController. |
366 |
getUnReadableInlineDataIdList(docid, user, |
|
367 |
groups, true); |
|
367 |
getUnReadableInlineDataIdList(previousDocid, user, groups); |
|
368 | 368 |
|
369 | 369 |
//info about data object which user doesn't have write permission |
370 | 370 |
// the info come from xml_accesss table |
371 | 371 |
previousUnwritableInlineDataObjectHash = PermissionController. |
372 |
getUnWritableInlineDataIdList(docid, user,
|
|
372 |
getUnWritableInlineDataIdList(previousDocid, user,
|
|
373 | 373 |
groups, true); |
374 | 374 |
|
375 | 375 |
} |
... | ... | |
2034 | 2034 |
String permOrder = newAccess.getPermissionOrder(); |
2035 | 2035 |
Vector accessRule = newAccess.getAccessRules(); |
2036 | 2036 |
String subtree = null; |
2037 |
|
|
2037 | 2038 |
// document itself |
2038 |
deletePermissionsInAccessTableForDoc(docid); |
|
2039 |
writeGivenAccessRuleIntoDB(permOrder, accessRule, docid, subtree); |
|
2039 |
// use GUID |
|
2040 |
String guid = null; |
|
2041 |
try { |
|
2042 |
guid = IdentifierManager.getInstance().getGUID(docid, Integer.valueOf(revision)); |
|
2043 |
} catch (NumberFormatException e) { |
|
2044 |
throw new SAXException(e.getMessage(), e); |
|
2045 |
} catch (McdbDocNotFoundException e) { |
|
2046 |
// register the default mapping now |
|
2047 |
guid = docid + "." + revision; |
|
2048 |
IdentifierManager.getInstance().createMapping(guid, guid); |
|
2049 |
} |
|
2050 |
deletePermissionsInAccessTableForDoc(guid); |
|
2051 |
writeGivenAccessRuleIntoDB(permOrder, accessRule, guid, subtree); |
|
2052 |
|
|
2040 | 2053 |
// for online data, it includes with id and without id. |
2041 | 2054 |
// 1. for the data with subtree id, we should ignore the ones already in |
2042 | 2055 |
// the hash - onlineURLIdHasAddionalAccess. |
... | ... | |
2091 | 2104 |
" write to xml_access table"); |
2092 | 2105 |
throw new SAXException("The access object is null"); |
2093 | 2106 |
} |
2094 |
// get rid of rev from dataId |
|
2095 |
//dataId = MetacatUtil.getDocIdFromString(dataId); |
|
2096 |
//String permOrder = accessSection.getPermissionOrder(); |
|
2107 |
|
|
2108 |
// geet the guid, not the docid alone |
|
2109 |
String guid = null; |
|
2110 |
try { |
|
2111 |
guid = IdentifierManager.getInstance().getGUID(docid, Integer.valueOf(revision)); |
|
2112 |
} catch (NumberFormatException e) { |
|
2113 |
throw new SAXException(e.getMessage(), e); |
|
2114 |
} catch (McdbDocNotFoundException e) { |
|
2115 |
// register the default mapping now |
|
2116 |
guid = docid + "." + revision; |
|
2117 |
IdentifierManager.getInstance().createMapping(guid, guid); |
|
2118 |
} |
|
2119 |
|
|
2097 | 2120 |
String sql = null; |
2098 | 2121 |
PreparedStatement pstmt = null; |
2099 |
sql = "INSERT INTO xml_access (docid, principal_name, permission, "
|
|
2122 |
sql = "INSERT INTO xml_access (guid, principal_name, permission, "
|
|
2100 | 2123 |
+ "perm_type, perm_order, accessfileid, subtreeid) VALUES " |
2101 | 2124 |
+ " (?, ?, ?, ?, ?, ?, ?)"; |
2102 | 2125 |
|
... | ... | |
2108 | 2131 |
connection.increaseUsageCount(1); |
2109 | 2132 |
// Bind the values to the query |
2110 | 2133 |
pstmt.setString(1, dataId); |
2111 |
logMetacat.info("Docid in accesstable: " + docid);
|
|
2112 |
pstmt.setString(6, docid);
|
|
2113 |
logMetacat.info("Accessfileid in accesstable: " + docid);
|
|
2134 |
logMetacat.info("guid in accesstable: " + dataId);
|
|
2135 |
pstmt.setString(6, guid);
|
|
2136 |
logMetacat.info("Accessfileid in accesstable: " + guid);
|
|
2114 | 2137 |
pstmt.setString(5, permOrder); |
2115 | 2138 |
logMetacat.info("PermOder in accesstable: " + permOrder); |
2116 | 2139 |
pstmt.setString(7, subTreeId); |
... | ... | |
2165 | 2188 |
}//writeGivenAccessRuleIntoDB |
2166 | 2189 |
|
2167 | 2190 |
|
2168 |
/* Delete from db all permission for resources related to @docid if any. */
|
|
2169 |
private void deletePermissionsInAccessTableForDoc(String docid)
|
|
2191 |
/* Delete from db all permission for resources related guid, if any. */
|
|
2192 |
private void deletePermissionsInAccessTableForDoc(String guid)
|
|
2170 | 2193 |
throws SAXException |
2171 | 2194 |
{ |
2172 | 2195 |
PreparedStatement pstmt = null; |
2173 | 2196 |
try { |
2174 |
String sql = "DELETE FROM xml_access WHERE docid = ?";
|
|
2175 |
// delete all acl records for resources related to @aclid if any
|
|
2197 |
String sql = "DELETE FROM xml_access WHERE guid = ? ";
|
|
2198 |
// delete all acl records for resources related to guid if any
|
|
2176 | 2199 |
pstmt = connection.prepareStatement(sql); |
2177 |
pstmt.setString(1, docid);
|
|
2200 |
pstmt.setString(1, guid);
|
|
2178 | 2201 |
// Increase DBConnection usage count |
2179 | 2202 |
connection.increaseUsageCount(1); |
2180 | 2203 |
pstmt.execute(); |
... | ... | |
2198 | 2221 |
{ |
2199 | 2222 |
String sql = |
2200 | 2223 |
"DELETE FROM xml_access " + |
2201 |
"WHERE accessfileid = ? " +
|
|
2224 |
"WHERE accessfileid IN (SELECT guid from identifier where docid = ? and rev = ?) " +
|
|
2202 | 2225 |
"AND subtreeid = ?"; |
2203 | 2226 |
pstmt = connection.prepareStatement(sql); |
2204 | 2227 |
pstmt.setString(1, docid); |
2205 |
pstmt.setString(2, subtreeid); |
|
2228 |
pstmt.setInt(2, Integer.valueOf(revision)); |
|
2229 |
pstmt.setString(3, subtreeid); |
|
2206 | 2230 |
// Increase DBConnection usage count |
2207 | 2231 |
connection.increaseUsageCount(1); |
2208 | 2232 |
pstmt.execute(); |
... | ... | |
2232 | 2256 |
{ |
2233 | 2257 |
String sql = |
2234 | 2258 |
"DELETE FROM xml_access " + |
2235 |
"WHERE accessfileid = ? AND subtreeid IS NOT NULL"; |
|
2259 |
"WHERE accessfileid IN (SELECT guid from identifier where docid = ? and rev = ?) " + |
|
2260 |
"AND subtreeid IS NOT NULL"; |
|
2236 | 2261 |
pstmt = connection.prepareStatement(sql); |
2237 | 2262 |
pstmt.setString(1, docid); |
2263 |
pstmt.setInt(2, Integer.valueOf(revision)); |
|
2238 | 2264 |
// Increase DBConnection usage count |
2239 | 2265 |
connection.increaseUsageCount(1); |
2240 | 2266 |
pstmt.execute(); |
... | ... | |
2653 | 2679 |
|
2654 | 2680 |
/* |
2655 | 2681 |
* This method will handle data file in online url. If the data file is in |
2656 |
* ecogrid protocol, then the datafile identifier(without rev) be returned.
|
|
2682 |
* ecogrid protocol, then the datafile identifier (guid) be returned.
|
|
2657 | 2683 |
* otherwise, null will be returned. |
2658 | 2684 |
* If the data file doesn't exsit in xml_documents or |
2659 | 2685 |
* xml_revision table, or the user has all permission to the data file if |
2660 |
* the docid already existed, the data file id (without rev)will be returned
|
|
2686 |
* the docid already existed, the data file id (guid) will be returned
|
|
2661 | 2687 |
* NEED to do: |
2662 | 2688 |
* We should also need to implement http and ftp. Those |
2663 | 2689 |
* external files should be download and assign a data file id to it. |
... | ... | |
2666 | 2692 |
{ |
2667 | 2693 |
logMetacat.warn("The url is "+ url); |
2668 | 2694 |
String docid = null; |
2695 |
String guid = null; |
|
2696 |
|
|
2669 | 2697 |
// if the url is not a ecogrid protocol, null will be getten |
2670 | 2698 |
String accessionNumber = |
2671 | 2699 |
DocumentUtil.getAccessionNumberFromEcogridIdentifier(url); |
... | ... | |
2674 | 2702 |
// handle ecogrid protocol |
2675 | 2703 |
// get rid of revision number to get the docid. |
2676 | 2704 |
docid = DocumentUtil.getDocIdFromAccessionNumber(accessionNumber); |
2705 |
// use the guid instead |
|
2706 |
int rev = DocumentUtil.getRevisionFromAccessionNumber(accessionNumber); |
|
2707 |
try { |
|
2708 |
guid = IdentifierManager.getInstance().getGUID(docid, rev); |
|
2709 |
} catch (McdbDocNotFoundException e1) { |
|
2710 |
guid = docid + "." + rev; |
|
2711 |
IdentifierManager.getInstance().createMapping(guid, guid); |
|
2712 |
} |
|
2677 | 2713 |
onlineDataFileIdInRelationVector.add(docid); |
2678 | 2714 |
try |
2679 | 2715 |
{ |
2680 | 2716 |
|
2681 | 2717 |
if (!AccessionNumber.accNumberUsed(docid)) |
2682 | 2718 |
{ |
2683 |
return docid;
|
|
2719 |
return guid;
|
|
2684 | 2720 |
} |
2685 | 2721 |
PermissionController controller = new |
2686 | 2722 |
PermissionController(accessionNumber); |
2687 | 2723 |
if (controller.hasPermission( |
2688 | 2724 |
user, groups, AccessControlInterface.ALLSTRING)) |
2689 | 2725 |
{ |
2690 |
return docid;
|
|
2726 |
return guid;
|
|
2691 | 2727 |
} |
2692 | 2728 |
else |
2693 | 2729 |
{ |
2694 | 2730 |
throw new SAXException("User: " + user + " does not have permission to update " + |
2695 |
"access rules for data file "+ docid);
|
|
2731 |
"access rules for data file "+ guid);
|
|
2696 | 2732 |
} |
2697 | 2733 |
}//try |
2698 | 2734 |
catch(Exception e) |
... | ... | |
2703 | 2739 |
throw new SAXException(e.getMessage()); |
2704 | 2740 |
} |
2705 | 2741 |
} |
2706 |
return docid;
|
|
2742 |
return guid;
|
|
2707 | 2743 |
} |
2708 | 2744 |
|
2709 | 2745 |
private void compareElementNameSpaceAttributes(Stack unchangableNodeStack, |
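Review bot: In the online-URL data file handler (new lines 2707–2712), `IdentifierManager.getInstance().createMapping(guid, guid)` runs before `AccessionNumber.accNumberUsed(docid)` and `controller.hasPermission(user, groups, AccessControlInterface.ALLSTRING)`. A submitter who is then rejected with the "does not have permission to update access rules" SAXException has therefore already caused an identifier mapping to be registered for the referenced data file, unless that write is rolled back by a transaction not visible in this excerpt. I would look the guid up with `getGUID` before the check but defer the `createMapping` fallback until the permission check has passed. The same lookup-or-register block is repeated at new lines 2040–2049 and 2109–2118 and would be easier to audit as one private helper; its fallback hard-codes the separator in `guid = docid + "." + revision`, while new line 347 uses `PropertyService.getProperty("document.accNumSeparator")`, so the two forms can diverge if that property is not ".". The enclosing methods start and end outside the visible excerpts.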
refactor Metacat access handling to be on a per-revision basis so that it more closely aligns with the DataONE approach
http://bugzilla.ecoinformatics.org/show_bug.cgi?id=5560