Revision 6744
Added by ben leinfelder over 12 years ago
| IdentifierManager.java | ||
|---|---|---|
| 1221 | 1221 |
*/ |
| 1222 | 1222 |
private void insertAccessPolicy(String guid, AccessPolicy accessPolicy) throws McdbDocNotFoundException, AccessException {
|
| 1223 | 1223 |
|
| 1224 |
// check for the existing permOrder so that we remain compatible with it (DataONE does not care) |
|
| 1225 |
XMLAccessAccess accessController = new XMLAccessAccess(); |
|
| 1226 |
String existingPermOrder = AccessControlInterface.ALLOWFIRST; |
|
| 1227 |
Vector<XMLAccessDAO> existingAccess = accessController.getXMLAccessForDoc(guid); |
|
| 1228 |
if (existingAccess != null && existingAccess.size() > 0) {
|
|
| 1229 |
existingPermOrder = existingAccess.get(0).getPermOrder(); |
|
| 1230 |
} |
|
| 1231 |
|
|
| 1224 | 1232 |
List<XMLAccessDAO> accessDAOs = new ArrayList<XMLAccessDAO>(); |
| 1225 | 1233 |
for (AccessRule accessRule: accessPolicy.getAllowList()) {
|
| 1226 | 1234 |
List<Subject> subjects = accessRule.getSubjectList(); |
| ... | ... | |
| 1230 | 1238 |
accessDAO.setPrincipalName(subject.getValue()); |
| 1231 | 1239 |
accessDAO.setGuid(guid); |
| 1232 | 1240 |
accessDAO.setPermType(AccessControlInterface.ALLOW); |
| 1233 |
accessDAO.setPermOrder(AccessControlInterface.ALLOWFIRST); |
|
| 1234 |
for (Permission permission: permissions) {
|
|
| 1235 |
Long metacatPermission = new Long(convertPermission(permission)); |
|
| 1236 |
accessDAO.addPermission(metacatPermission); |
|
| 1241 |
accessDAO.setPermOrder(existingPermOrder); |
|
| 1242 |
if (permissions != null) {
|
|
| 1243 |
for (Permission permission: permissions) {
|
|
| 1244 |
Long metacatPermission = new Long(convertPermission(permission)); |
|
| 1245 |
accessDAO.addPermission(metacatPermission); |
|
| 1246 |
} |
|
| 1237 | 1247 |
} |
| 1238 | 1248 |
accessDAOs.add(accessDAO); |
| 1239 | 1249 |
} |
| 1240 | 1250 |
} |
| 1241 | 1251 |
|
| 1242 |
// use GUID to update |
|
| 1243 |
XMLAccessAccess accessController = new XMLAccessAccess(true); |
|
| 1244 |
accessController.replaceAccess(guid, accessDAOs); |
|
| 1245 | 1252 |
|
| 1253 |
// remove all existing allow records |
|
| 1254 |
accessController.deleteXMLAccessForDoc(guid, AccessControlInterface.ALLOW); |
|
| 1255 |
// add the ones we can for this guid |
|
| 1256 |
accessController.insertAccess(guid, accessDAOs); |
|
| 1246 | 1257 |
|
| 1258 |
|
|
| 1247 | 1259 |
} |
| 1248 | 1260 |
|
| 1249 | 1261 |
/** |
| ... | ... | |
| 1257 | 1269 |
AccessPolicy accessPolicy = new AccessPolicy(); |
| 1258 | 1270 |
|
| 1259 | 1271 |
// use GUID to look up the access |
| 1260 |
XMLAccessAccess accessController = new XMLAccessAccess(true);
|
|
| 1272 |
XMLAccessAccess accessController = new XMLAccessAccess(); |
|
| 1261 | 1273 |
List<XMLAccessDAO> accessDAOs = accessController.getXMLAccessForDoc(guid); |
| 1262 | 1274 |
|
| 1263 | 1275 |
for (XMLAccessDAO accessDAO: accessDAOs) {
|
| 1264 |
AccessRule accessRule = new AccessRule(); |
|
| 1265 |
List <Permission> permissions = convertPermission(accessDAO.getPermission().intValue()); |
|
| 1266 |
accessRule.setPermissionList(permissions); |
|
| 1267 |
Subject subject = new Subject(); |
|
| 1268 |
subject.setValue(accessDAO.getPrincipalName()); |
|
| 1269 |
accessRule.addSubject(subject); |
|
| 1270 |
accessPolicy.addAllow(accessRule); |
|
| 1276 |
// only add allow rule |
|
| 1277 |
if (accessDAO.getPermType().equals(AccessControlInterface.ALLOW)) {
|
|
| 1278 |
AccessRule accessRule = new AccessRule(); |
|
| 1279 |
List <Permission> permissions = convertPermission(accessDAO.getPermission().intValue()); |
|
| 1280 |
accessRule.setPermissionList(permissions); |
|
| 1281 |
Subject subject = new Subject(); |
|
| 1282 |
subject.setValue(accessDAO.getPrincipalName()); |
|
| 1283 |
accessRule.addSubject(subject); |
|
| 1284 |
accessPolicy.addAllow(accessRule); |
|
| 1285 |
} |
|
| 1271 | 1286 |
} |
| 1272 | 1287 |
return accessPolicy; |
| 1273 | 1288 |
} |
| 1274 | 1289 |
|
| 1275 |
/** |
|
| 1276 |
* Lookup access policy from Metacat |
|
| 1277 |
* @param guid |
|
| 1278 |
* @return |
|
| 1279 |
* @throws McdbDocNotFoundException |
|
| 1280 |
* @throws AccessException |
|
| 1281 |
*/ |
|
| 1282 |
public AccessPolicy getAccessPolicyByLocalId(String docid) throws McdbDocNotFoundException, AccessException {
|
|
| 1283 |
AccessPolicy accessPolicy = new AccessPolicy(); |
|
| 1284 |
|
|
| 1285 |
// use GUID to look up the access |
|
| 1286 |
XMLAccessAccess accessController = new XMLAccessAccess(false); |
|
| 1287 |
List<XMLAccessDAO> accessDAOs = accessController.getXMLAccessForDoc(docid); |
|
| 1288 |
|
|
| 1289 |
for (XMLAccessDAO accessDAO: accessDAOs) {
|
|
| 1290 |
AccessRule accessRule = new AccessRule(); |
|
| 1291 |
List <Permission> permissions = convertPermission(accessDAO.getPermission().intValue()); |
|
| 1292 |
accessRule.setPermissionList(permissions); |
|
| 1293 |
Subject subject = new Subject(); |
|
| 1294 |
subject.setValue(accessDAO.getPrincipalName()); |
|
| 1295 |
accessRule.addSubject(subject); |
|
| 1296 |
accessPolicy.addAllow(accessRule); |
|
| 1297 |
} |
|
| 1298 |
return accessPolicy; |
|
| 1299 |
} |
|
| 1300 |
|
|
| 1301 | 1290 |
public int convertPermission(Permission permission) {
|
| 1302 | 1291 |
if (permission.equals(Permission.READ)) {
|
| 1303 | 1292 |
return AccessControlInterface.READ; |
| ... | ... | |
| 1312 | 1301 |
} |
| 1313 | 1302 |
|
| 1314 | 1303 |
public List<Permission> convertPermission(int permission) {
|
| 1304 |
|
|
| 1315 | 1305 |
List<Permission> permissions = new ArrayList<Permission>(); |
| 1316 |
if (permission == AccessControlInterface.READ) {
|
|
| 1306 |
if (permission == AccessControlInterface.ALL) {
|
|
| 1317 | 1307 |
permissions.add(Permission.READ); |
| 1318 |
return permissions; |
|
| 1319 |
} |
|
| 1320 |
if (permission == AccessControlInterface.WRITE) {
|
|
| 1321 | 1308 |
permissions.add(Permission.WRITE); |
| 1309 |
permissions.add(Permission.CHANGE_PERMISSION); |
|
| 1322 | 1310 |
return permissions; |
| 1323 | 1311 |
} |
| 1324 |
if (permission == AccessControlInterface.CHMOD) {
|
|
| 1312 |
|
|
| 1313 |
if ((permission & AccessControlInterface.CHMOD) == AccessControlInterface.CHMOD) {
|
|
| 1325 | 1314 |
permissions.add(Permission.CHANGE_PERMISSION); |
| 1326 |
return permissions; |
|
| 1327 | 1315 |
} |
| 1328 |
if (permission == AccessControlInterface.ALL) {
|
|
| 1316 |
if ((permission & AccessControlInterface.READ) == AccessControlInterface.READ) {
|
|
| 1329 | 1317 |
permissions.add(Permission.READ); |
| 1318 |
} |
|
| 1319 |
if ((permission & AccessControlInterface.WRITE) == AccessControlInterface.WRITE) {
|
|
| 1330 | 1320 |
permissions.add(Permission.WRITE); |
| 1331 |
permissions.add(Permission.CHANGE_PERMISSION); |
|
| 1332 |
return permissions; |
|
| 1333 | 1321 |
} |
| 1334 |
return null; |
|
| 1322 |
|
|
| 1323 |
return permissions; |
|
| 1335 | 1324 |
} |
| 1336 | 1325 |
|
| 1337 | 1326 |
/** |
| ... | ... | |
| 1698 | 1687 |
rows = stmt.executeUpdate(); |
| 1699 | 1688 |
stmt.close(); |
| 1700 | 1689 |
|
| 1701 |
// TODO: remove the xml_access?
|
|
| 1690 |
// TODO: remove the access? |
|
| 1702 | 1691 |
// Metacat keeps "deleted" documents so we should not remove access rules. |
| 1703 | 1692 |
|
| 1704 | 1693 |
} catch (Exception e) {
|
Also available in: Unified diff
refactor Metacat access handling to be on a per-revision basis so that it more closely aligns with the DataONE approach
http://bugzilla.ecoinformatics.org/show_bug.cgi?id=5560