Revision 6744
Added by ben leinfelder over 12 years ago
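--- a/IdentifierManager.java
+++ b/IdentifierManager.java
@@ -1221,6 +1221,14 @@
 */
 private void insertAccessPolicy(String guid, AccessPolicy accessPolicy) throws McdbDocNotFoundException, AccessException {
 
+// check for the existing permOrder so that we remain compatible with it (DataONE does not care)
+XMLAccessAccess accessController = new XMLAccessAccess();
+String existingPermOrder = AccessControlInterface.ALLOWFIRST;
+Vector<XMLAccessDAO> existingAccess = accessController.getXMLAccessForDoc(guid);
+if (existingAccess != null && existingAccess.size() > 0) {
+existingPermOrder = existingAccess.get(0).getPermOrder();
+}
+
 List<XMLAccessDAO> accessDAOs = new ArrayList<XMLAccessDAO>();
 for (AccessRule accessRule: accessPolicy.getAllowList()) {
 List<Subject> subjects = accessRule.getSubjectList();
@@ -1230,20 +1238,24 @@
 accessDAO.setPrincipalName(subject.getValue());
 accessDAO.setGuid(guid);
 accessDAO.setPermType(AccessControlInterface.ALLOW);
-accessDAO.setPermOrder(AccessControlInterface.ALLOWFIRST);
-for (Permission permission: permissions) {
-Long metacatPermission = new Long(convertPermission(permission));
-accessDAO.addPermission(metacatPermission);
+accessDAO.setPermOrder(existingPermOrder);
+if (permissions != null) {
+for (Permission permission: permissions) {
+Long metacatPermission = new Long(convertPermission(permission));
+accessDAO.addPermission(metacatPermission);
+}
 }
 accessDAOs.add(accessDAO);
 }
 }
 
-// use GUID to update
-XMLAccessAccess accessController = new XMLAccessAccess(true);
-accessController.replaceAccess(guid, accessDAOs);
 
+// remove all existing allow records
+accessController.deleteXMLAccessForDoc(guid, AccessControlInterface.ALLOW);
+// add the ones we can for this guid
+accessController.insertAccess(guid, accessDAOs);
 
+
 }
 
 /**
@@ -1257,47 +1269,24 @@
 AccessPolicy accessPolicy = new AccessPolicy();
 
 // use GUID to look up the access
-XMLAccessAccess accessController = new XMLAccessAccess(true);
+XMLAccessAccess accessController = new XMLAccessAccess();
 List<XMLAccessDAO> accessDAOs = accessController.getXMLAccessForDoc(guid);
 
 for (XMLAccessDAO accessDAO: accessDAOs) {
-AccessRule accessRule = new AccessRule();
-List <Permission> permissions = convertPermission(accessDAO.getPermission().intValue());
-accessRule.setPermissionList(permissions);
-Subject subject = new Subject();
-subject.setValue(accessDAO.getPrincipalName());
-accessRule.addSubject(subject);
-accessPolicy.addAllow(accessRule);
+// only add allow rule
+if (accessDAO.getPermType().equals(AccessControlInterface.ALLOW)) {
+AccessRule accessRule = new AccessRule();
+List <Permission> permissions = convertPermission(accessDAO.getPermission().intValue());
+accessRule.setPermissionList(permissions);
+Subject subject = new Subject();
+subject.setValue(accessDAO.getPrincipalName());
+accessRule.addSubject(subject);
+accessPolicy.addAllow(accessRule);
+}
 }
 return accessPolicy;
 }
 
-/**
-* Lookup access policy from Metacat
-* @param guid
-* @return
-* @throws McdbDocNotFoundException
-* @throws AccessException
-*/
-public AccessPolicy getAccessPolicyByLocalId(String docid) throws McdbDocNotFoundException, AccessException {
-AccessPolicy accessPolicy = new AccessPolicy();
-
-// use GUID to look up the access
-XMLAccessAccess accessController = new XMLAccessAccess(false);
-List<XMLAccessDAO> accessDAOs = accessController.getXMLAccessForDoc(docid);
-
-for (XMLAccessDAO accessDAO: accessDAOs) {
-AccessRule accessRule = new AccessRule();
-List <Permission> permissions = convertPermission(accessDAO.getPermission().intValue());
-accessRule.setPermissionList(permissions);
-Subject subject = new Subject();
-subject.setValue(accessDAO.getPrincipalName());
-accessRule.addSubject(subject);
-accessPolicy.addAllow(accessRule);
-}
-return accessPolicy;
-}
-
 public int convertPermission(Permission permission) {
 if (permission.equals(Permission.READ)) {
 return AccessControlInterface.READ;
@@ -1312,26 +1301,26 @@
 }
 
 public List<Permission> convertPermission(int permission) {
+
 List<Permission> permissions = new ArrayList<Permission>();
-if (permission == AccessControlInterface.READ) {
+if (permission == AccessControlInterface.ALL) {
 permissions.add(Permission.READ);
-return permissions;
-}
-if (permission == AccessControlInterface.WRITE) {
 permissions.add(Permission.WRITE);
+permissions.add(Permission.CHANGE_PERMISSION);
 return permissions;
 }
-if (permission == AccessControlInterface.CHMOD) {
+
+if ((permission & AccessControlInterface.CHMOD) == AccessControlInterface.CHMOD) {
 permissions.add(Permission.CHANGE_PERMISSION);
-return permissions;
 }
-if (permission == AccessControlInterface.ALL) {
+if ((permission & AccessControlInterface.READ) == AccessControlInterface.READ) {
 permissions.add(Permission.READ);
+}
+if ((permission & AccessControlInterface.WRITE) == AccessControlInterface.WRITE) {
 permissions.add(Permission.WRITE);
-permissions.add(Permission.CHANGE_PERMISSION);
-return permissions;
 }
-return null;
+
+return permissions;
 }
 
 /**
@@ -1698,7 +1687,7 @@
 rows = stmt.executeUpdate();
 stmt.close();
 
-// TODO: remove the xml_access?
+// TODO: remove the access?
 // Metacat keeps "deleted" documents so we should not remove access rules.
 
 } catch (Exception e) {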
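Review bot: In insertAccessPolicy the allow rules are now replaced by two separate calls, `accessController.deleteXMLAccessForDoc(guid, AccessControlInterface.ALLOW);` followed by `accessController.insertAccess(guid, accessDAOs);`, and nothing visible in the hunk ties them into one transaction. If insertAccess fails or, as the comment "add the ones we can" hints, stores only some of the rules, the old allow records are already gone and the stored policy no longer matches the one submitted. Unless XMLAccessAccess already runs both statements on one connection with rollback (not visible on this page), the pair should be made atomic, or at minimum carry a comment such as `// delete + insert are not atomic: a failure in insertAccess leaves guid without its allow rules`. Relatedly, existingPermOrder is read from `existingAccess.get(0)`, which may be a deny record that survives the ALLOW-only delete, so how retained deny rules combine with the new allow rules deserves a sentence in the method's Javadoc. Part of the method body is elided between the first two hunks, so this is based only on the lines shown.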
refactor Metacat access handling to be on a per-revision basis so that it more closely aligns with the DataONE approach
http://bugzilla.ecoinformatics.org/show_bug.cgi?id=5560