Revision 6744
Added by ben leinfelder over 12 years ago
| Eml200SAXHandler.java | ||
|---|---|---|
| 337 | 337 |
// Get the unchangable subtrees (user doesn't have write permission) |
| 338 | 338 |
try |
| 339 | 339 |
{
|
| 340 |
PermissionController control = new PermissionController(docid |
|
| 341 |
+ PropertyService.getProperty("document.accNumSeparator") + revision);
|
|
| 342 |
//unChangableSubTreeHash = getUnchangableSubTree(control, user, |
|
| 343 |
// groups); |
|
| 344 | 340 |
|
| 345 |
// If the action is update and user doesn't have "ALL" permission |
|
| 346 |
// we need to check if user update access subtree |
|
| 347 |
if (action != null && action.equals("UPDATE")
|
|
| 348 |
&& !control.hasPermission(user, groups, |
|
| 349 |
AccessControlInterface.ALLSTRING) |
|
| 350 |
&& !AuthUtil.isAdministrator(user, groups)) |
|
| 351 |
{
|
|
| 352 |
needToCheckAccessModule = true; |
|
| 353 |
topAccessSubTreeFromDB = getTopAccessSubTreeFromDB(); |
|
| 354 |
additionalAccessSubTreeListFromDB = |
|
| 355 |
getAdditionalAccessSubTreeListFromDB(); |
|
| 356 |
referencedAccessSubTreeListFromDB = |
|
| 357 |
getReferencedAccessSubTreeListFromDB(); |
|
| 358 |
} |
|
| 359 |
|
|
| 360 | 341 |
//Here is for data object checking. |
| 361 |
if (action != null && action.equals("UPDATE"))
|
|
| 362 |
{
|
|
| 342 |
if (action != null && action.equals("UPDATE")) {
|
|
| 343 |
|
|
| 344 |
// we need to check if user can update access subtree |
|
| 345 |
int latestRevision = DBUtil.getLatestRevisionInDocumentTable(docid); |
|
| 346 |
String previousDocid = |
|
| 347 |
docid + PropertyService.getProperty("document.accNumSeparator") + latestRevision;
|
|
| 348 |
|
|
| 349 |
PermissionController control = new PermissionController(previousDocid); |
|
| 350 |
|
|
| 351 |
// If the action is update and user doesn't have "ALL" permission |
|
| 352 |
// we need to check if user update access subtree |
|
| 353 |
if ( !control.hasPermission(user, groups, AccessControlInterface.ALLSTRING) |
|
| 354 |
&& !AuthUtil.isAdministrator(user, groups)) {
|
|
| 355 |
|
|
| 356 |
needToCheckAccessModule = true; |
|
| 357 |
topAccessSubTreeFromDB = getTopAccessSubTreeFromDB(); |
|
| 358 |
additionalAccessSubTreeListFromDB = |
|
| 359 |
getAdditionalAccessSubTreeListFromDB(); |
|
| 360 |
referencedAccessSubTreeListFromDB = |
|
| 361 |
getReferencedAccessSubTreeListFromDB(); |
|
| 362 |
} |
|
| 363 |
|
|
| 363 | 364 |
//info about inline data object which user doesn't have read |
| 364 | 365 |
//permission the info come from xml_access table |
| 365 | 366 |
previousUnreadableInlineDataObjectHash = PermissionController. |
| 366 |
getUnReadableInlineDataIdList(docid, user, |
|
| 367 |
groups, true); |
|
| 367 |
getUnReadableInlineDataIdList(previousDocid, user, groups); |
|
| 368 | 368 |
|
| 369 | 369 |
//info about data object which user doesn't have write permission |
| 370 | 370 |
// the info come from xml_accesss table |
| 371 | 371 |
previousUnwritableInlineDataObjectHash = PermissionController. |
| 372 |
getUnWritableInlineDataIdList(docid, user,
|
|
| 372 |
getUnWritableInlineDataIdList(previousDocid, user,
|
|
| 373 | 373 |
groups, true); |
| 374 | 374 |
|
| 375 | 375 |
} |
| ... | ... | |
| 2034 | 2034 |
String permOrder = newAccess.getPermissionOrder(); |
| 2035 | 2035 |
Vector accessRule = newAccess.getAccessRules(); |
| 2036 | 2036 |
String subtree = null; |
| 2037 |
|
|
| 2037 | 2038 |
// document itself |
| 2038 |
deletePermissionsInAccessTableForDoc(docid); |
|
| 2039 |
writeGivenAccessRuleIntoDB(permOrder, accessRule, docid, subtree); |
|
| 2039 |
// use GUID |
|
| 2040 |
String guid = null; |
|
| 2041 |
try {
|
|
| 2042 |
guid = IdentifierManager.getInstance().getGUID(docid, Integer.valueOf(revision)); |
|
| 2043 |
} catch (NumberFormatException e) {
|
|
| 2044 |
throw new SAXException(e.getMessage(), e); |
|
| 2045 |
} catch (McdbDocNotFoundException e) {
|
|
| 2046 |
// register the default mapping now |
|
| 2047 |
guid = docid + "." + revision; |
|
| 2048 |
IdentifierManager.getInstance().createMapping(guid, guid); |
|
| 2049 |
} |
|
| 2050 |
deletePermissionsInAccessTableForDoc(guid); |
|
| 2051 |
writeGivenAccessRuleIntoDB(permOrder, accessRule, guid, subtree); |
|
| 2052 |
|
|
| 2040 | 2053 |
// for online data, it includes with id and without id. |
| 2041 | 2054 |
// 1. for the data with subtree id, we should ignore the ones already in |
| 2042 | 2055 |
// the hash - onlineURLIdHasAddionalAccess. |
| ... | ... | |
| 2091 | 2104 |
" write to xml_access table"); |
| 2092 | 2105 |
throw new SAXException("The access object is null");
|
| 2093 | 2106 |
} |
| 2094 |
// get rid of rev from dataId |
|
| 2095 |
//dataId = MetacatUtil.getDocIdFromString(dataId); |
|
| 2096 |
//String permOrder = accessSection.getPermissionOrder(); |
|
| 2107 |
|
|
| 2108 |
// geet the guid, not the docid alone |
|
| 2109 |
String guid = null; |
|
| 2110 |
try {
|
|
| 2111 |
guid = IdentifierManager.getInstance().getGUID(docid, Integer.valueOf(revision)); |
|
| 2112 |
} catch (NumberFormatException e) {
|
|
| 2113 |
throw new SAXException(e.getMessage(), e); |
|
| 2114 |
} catch (McdbDocNotFoundException e) {
|
|
| 2115 |
// register the default mapping now |
|
| 2116 |
guid = docid + "." + revision; |
|
| 2117 |
IdentifierManager.getInstance().createMapping(guid, guid); |
|
| 2118 |
} |
|
| 2119 |
|
|
| 2097 | 2120 |
String sql = null; |
| 2098 | 2121 |
PreparedStatement pstmt = null; |
| 2099 |
sql = "INSERT INTO xml_access (docid, principal_name, permission, "
|
|
| 2122 |
sql = "INSERT INTO xml_access (guid, principal_name, permission, "
|
|
| 2100 | 2123 |
+ "perm_type, perm_order, accessfileid, subtreeid) VALUES " |
| 2101 | 2124 |
+ " (?, ?, ?, ?, ?, ?, ?)"; |
| 2102 | 2125 |
|
| ... | ... | |
| 2108 | 2131 |
connection.increaseUsageCount(1); |
| 2109 | 2132 |
// Bind the values to the query |
| 2110 | 2133 |
pstmt.setString(1, dataId); |
| 2111 |
logMetacat.info("Docid in accesstable: " + docid);
|
|
| 2112 |
pstmt.setString(6, docid);
|
|
| 2113 |
logMetacat.info("Accessfileid in accesstable: " + docid);
|
|
| 2134 |
logMetacat.info("guid in accesstable: " + dataId);
|
|
| 2135 |
pstmt.setString(6, guid);
|
|
| 2136 |
logMetacat.info("Accessfileid in accesstable: " + guid);
|
|
| 2114 | 2137 |
pstmt.setString(5, permOrder); |
| 2115 | 2138 |
logMetacat.info("PermOder in accesstable: " + permOrder);
|
| 2116 | 2139 |
pstmt.setString(7, subTreeId); |
| ... | ... | |
| 2165 | 2188 |
}//writeGivenAccessRuleIntoDB |
| 2166 | 2189 |
|
| 2167 | 2190 |
|
| 2168 |
/* Delete from db all permission for resources related to @docid if any. */
|
|
| 2169 |
private void deletePermissionsInAccessTableForDoc(String docid)
|
|
| 2191 |
/* Delete from db all permission for resources related guid, if any. */
|
|
| 2192 |
private void deletePermissionsInAccessTableForDoc(String guid)
|
|
| 2170 | 2193 |
throws SAXException |
| 2171 | 2194 |
{
|
| 2172 | 2195 |
PreparedStatement pstmt = null; |
| 2173 | 2196 |
try {
|
| 2174 |
String sql = "DELETE FROM xml_access WHERE docid = ?";
|
|
| 2175 |
// delete all acl records for resources related to @aclid if any
|
|
| 2197 |
String sql = "DELETE FROM xml_access WHERE guid = ? ";
|
|
| 2198 |
// delete all acl records for resources related to guid if any
|
|
| 2176 | 2199 |
pstmt = connection.prepareStatement(sql); |
| 2177 |
pstmt.setString(1, docid);
|
|
| 2200 |
pstmt.setString(1, guid);
|
|
| 2178 | 2201 |
// Increase DBConnection usage count |
| 2179 | 2202 |
connection.increaseUsageCount(1); |
| 2180 | 2203 |
pstmt.execute(); |
| ... | ... | |
| 2198 | 2221 |
{
|
| 2199 | 2222 |
String sql = |
| 2200 | 2223 |
"DELETE FROM xml_access " + |
| 2201 |
"WHERE accessfileid = ? " +
|
|
| 2224 |
"WHERE accessfileid IN (SELECT guid from identifier where docid = ? and rev = ?) " +
|
|
| 2202 | 2225 |
"AND subtreeid = ?"; |
| 2203 | 2226 |
pstmt = connection.prepareStatement(sql); |
| 2204 | 2227 |
pstmt.setString(1, docid); |
| 2205 |
pstmt.setString(2, subtreeid); |
|
| 2228 |
pstmt.setInt(2, Integer.valueOf(revision)); |
|
| 2229 |
pstmt.setString(3, subtreeid); |
|
| 2206 | 2230 |
// Increase DBConnection usage count |
| 2207 | 2231 |
connection.increaseUsageCount(1); |
| 2208 | 2232 |
pstmt.execute(); |
| ... | ... | |
| 2232 | 2256 |
{
|
| 2233 | 2257 |
String sql = |
| 2234 | 2258 |
"DELETE FROM xml_access " + |
| 2235 |
"WHERE accessfileid = ? AND subtreeid IS NOT NULL"; |
|
| 2259 |
"WHERE accessfileid IN (SELECT guid from identifier where docid = ? and rev = ?) " + |
|
| 2260 |
"AND subtreeid IS NOT NULL"; |
|
| 2236 | 2261 |
pstmt = connection.prepareStatement(sql); |
| 2237 | 2262 |
pstmt.setString(1, docid); |
| 2263 |
pstmt.setInt(2, Integer.valueOf(revision)); |
|
| 2238 | 2264 |
// Increase DBConnection usage count |
| 2239 | 2265 |
connection.increaseUsageCount(1); |
| 2240 | 2266 |
pstmt.execute(); |
| ... | ... | |
| 2653 | 2679 |
|
| 2654 | 2680 |
/* |
| 2655 | 2681 |
* This method will handle data file in online url. If the data file is in |
| 2656 |
* ecogrid protocol, then the datafile identifier(without rev) be returned.
|
|
| 2682 |
* ecogrid protocol, then the datafile identifier (guid) be returned.
|
|
| 2657 | 2683 |
* otherwise, null will be returned. |
| 2658 | 2684 |
* If the data file doesn't exsit in xml_documents or |
| 2659 | 2685 |
* xml_revision table, or the user has all permission to the data file if |
| 2660 |
* the docid already existed, the data file id (without rev)will be returned
|
|
| 2686 |
* the docid already existed, the data file id (guid) will be returned
|
|
| 2661 | 2687 |
* NEED to do: |
| 2662 | 2688 |
* We should also need to implement http and ftp. Those |
| 2663 | 2689 |
* external files should be download and assign a data file id to it. |
| ... | ... | |
| 2666 | 2692 |
{
|
| 2667 | 2693 |
logMetacat.warn("The url is "+ url);
|
| 2668 | 2694 |
String docid = null; |
| 2695 |
String guid = null; |
|
| 2696 |
|
|
| 2669 | 2697 |
// if the url is not a ecogrid protocol, null will be getten |
| 2670 | 2698 |
String accessionNumber = |
| 2671 | 2699 |
DocumentUtil.getAccessionNumberFromEcogridIdentifier(url); |
| ... | ... | |
| 2674 | 2702 |
// handle ecogrid protocol |
| 2675 | 2703 |
// get rid of revision number to get the docid. |
| 2676 | 2704 |
docid = DocumentUtil.getDocIdFromAccessionNumber(accessionNumber); |
| 2705 |
// use the guid instead |
|
| 2706 |
int rev = DocumentUtil.getRevisionFromAccessionNumber(accessionNumber); |
|
| 2707 |
try {
|
|
| 2708 |
guid = IdentifierManager.getInstance().getGUID(docid, rev); |
|
| 2709 |
} catch (McdbDocNotFoundException e1) {
|
|
| 2710 |
guid = docid + "." + rev; |
|
| 2711 |
IdentifierManager.getInstance().createMapping(guid, guid); |
|
| 2712 |
} |
|
| 2677 | 2713 |
onlineDataFileIdInRelationVector.add(docid); |
| 2678 | 2714 |
try |
| 2679 | 2715 |
{
|
| 2680 | 2716 |
|
| 2681 | 2717 |
if (!AccessionNumber.accNumberUsed(docid)) |
| 2682 | 2718 |
{
|
| 2683 |
return docid;
|
|
| 2719 |
return guid;
|
|
| 2684 | 2720 |
} |
| 2685 | 2721 |
PermissionController controller = new |
| 2686 | 2722 |
PermissionController(accessionNumber); |
| 2687 | 2723 |
if (controller.hasPermission( |
| 2688 | 2724 |
user, groups, AccessControlInterface.ALLSTRING)) |
| 2689 | 2725 |
{
|
| 2690 |
return docid;
|
|
| 2726 |
return guid;
|
|
| 2691 | 2727 |
} |
| 2692 | 2728 |
else |
| 2693 | 2729 |
{
|
| 2694 | 2730 |
throw new SAXException("User: " + user + " does not have permission to update " +
|
| 2695 |
"access rules for data file "+ docid);
|
|
| 2731 |
"access rules for data file "+ guid);
|
|
| 2696 | 2732 |
} |
| 2697 | 2733 |
}//try |
| 2698 | 2734 |
catch(Exception e) |
| ... | ... | |
| 2703 | 2739 |
throw new SAXException(e.getMessage()); |
| 2704 | 2740 |
} |
| 2705 | 2741 |
} |
| 2706 |
return docid;
|
|
| 2742 |
return guid;
|
|
| 2707 | 2743 |
} |
| 2708 | 2744 |
|
| 2709 | 2745 |
private void compareElementNameSpaceAttributes(Stack unchangableNodeStack, |
Also available in: Unified diff
refactor Metacat access handling to be on a per-revision basis so that it more closely aligns with the DataONE approach
http://bugzilla.ecoinformatics.org/show_bug.cgi?id=5560