Revision 6744
Added by ben leinfelder over 12 years ago
XMLAccessAccess.java | ||
---|---|---|
35 | 35 |
|
36 | 36 |
import org.apache.log4j.Logger; |
37 | 37 |
|
38 |
import edu.ucsb.nceas.metacat.AccessionNumber; |
|
39 |
import edu.ucsb.nceas.metacat.AccessionNumberException; |
|
40 |
import edu.ucsb.nceas.metacat.DBUtil; |
|
41 |
import edu.ucsb.nceas.metacat.IdentifierManager; |
|
42 |
import edu.ucsb.nceas.metacat.McdbDocNotFoundException; |
|
43 | 38 |
import edu.ucsb.nceas.metacat.database.DBConnection; |
44 | 39 |
import edu.ucsb.nceas.metacat.database.DBConnectionPool; |
45 | 40 |
import edu.ucsb.nceas.metacat.shared.AccessException; |
... | ... | |
48 | 43 |
public class XMLAccessAccess extends BaseAccess { |
49 | 44 |
|
50 | 45 |
private Logger logMetacat = Logger.getLogger(XMLAccessAccess.class); |
51 |
|
|
52 |
private static String DOCID = "docid"; |
|
53 |
|
|
54 |
private static String GUID = "guid"; |
|
55 |
|
|
56 |
private String idAttribute = DOCID; |
|
57 |
|
|
46 |
|
|
58 | 47 |
// Constructor |
59 | 48 |
public XMLAccessAccess() throws AccessException {} |
60 | 49 |
|
61 |
public XMLAccessAccess(boolean useGuid) { |
|
62 |
if (useGuid) { |
|
63 |
idAttribute = GUID; |
|
64 |
} |
|
65 |
} |
|
66 | 50 |
|
67 | 51 |
/** |
68 | 52 |
* Get all xml access for a document |
... | ... | |
71 | 55 |
* the id of the document |
72 | 56 |
* @return an xml access DAO list |
73 | 57 |
*/ |
74 |
public Vector<XMLAccessDAO> getXMLAccessForDoc(String id) throws AccessException { |
|
58 |
public Vector<XMLAccessDAO> getXMLAccessForDoc(String guid) throws AccessException {
|
|
75 | 59 |
|
76 | 60 |
Vector<XMLAccessDAO> xmlAccessList = new Vector<XMLAccessDAO>(); |
77 | 61 |
|
78 |
if (id == null) { |
|
62 |
if (guid == null) {
|
|
79 | 63 |
throw new AccessException("XMLAccessAccess.getXMLAccessForDoc - doc id " + |
80 | 64 |
"must be specified when selecting xml_access record"); |
81 | 65 |
} |
... | ... | |
88 | 72 |
conn = DBConnectionPool.getDBConnection("XMLAccessAccess.getXMLAccessForDoc"); |
89 | 73 |
serialNumber = conn.getCheckOutSerialNumber(); |
90 | 74 |
|
91 |
String sql = "SELECT * FROM xml_access WHERE " + idAttribute + " = ?";
|
|
75 |
String sql = "SELECT * FROM xml_access WHERE guid = ?";
|
|
92 | 76 |
pstmt = conn.prepareStatement(sql); |
93 | 77 |
|
94 |
pstmt.setString(1, id); |
|
78 |
pstmt.setString(1, guid);
|
|
95 | 79 |
|
96 | 80 |
String sqlReport = "XMLAccessAccess.getXMLAccessForDoc - SQL: " + sql; |
97 |
sqlReport += " [" + id + "]"; |
|
81 |
sqlReport += " [" + guid + "]";
|
|
98 | 82 |
|
99 | 83 |
logMetacat.info(sqlReport); |
100 | 84 |
|
... | ... | |
113 | 97 |
|
114 | 98 |
} catch (SQLException sqle) { |
115 | 99 |
throw new AccessException("XMLAccessAccess.getXMLAccessForDoc - SQL error when getting access " + |
116 |
" for id: " + id + " : " + sqle.getMessage()); |
|
100 |
" for id: " + guid + " : " + sqle.getMessage());
|
|
117 | 101 |
} catch (PermOrderException poe) { |
118 | 102 |
String errorStr = "XMLAccessAccess.getXMLAccessForDoc - Permission order error when getting " + |
119 |
"access record for doc id: " + id + " : " + poe.getMessage(); |
|
103 |
"access record for doc id: " + guid + " : " + poe.getMessage();
|
|
120 | 104 |
logMetacat.error(errorStr); |
121 | 105 |
throw new AccessException(errorStr); |
122 | 106 |
} finally { |
... | ... | |
133 | 117 |
* the credentials of the principal in the database |
134 | 118 |
* @return an xml access DAO list |
135 | 119 |
*/ |
136 |
public Vector<XMLAccessDAO> getXMLAccessForPrincipal(String id, String principalName) |
|
120 |
public Vector<XMLAccessDAO> getXMLAccessForPrincipal(String guid, String principalName)
|
|
137 | 121 |
throws AccessException { |
138 | 122 |
|
139 | 123 |
Vector<XMLAccessDAO> xmlAccessList = new Vector<XMLAccessDAO>(); |
140 | 124 |
|
141 |
if (id == null) { |
|
125 |
if (guid == null) {
|
|
142 | 126 |
throw new AccessException("XMLAccessAccess.getXMLAccessForPrincipal - doc id " + |
143 | 127 |
"must be specified when selecting xml_access record"); |
144 | 128 |
} |
... | ... | |
155 | 139 |
conn = DBConnectionPool.getDBConnection("XMLAccessAccess.getXMLAccessForPrincipal"); |
156 | 140 |
serialNumber = conn.getCheckOutSerialNumber(); |
157 | 141 |
|
158 |
String sql = "SELECT * FROM xml_access WHERE " + idAttribute + " = ? AND principal_name = ?";
|
|
142 |
String sql = "SELECT * FROM xml_access WHERE guid = ? AND principal_name = ?";
|
|
159 | 143 |
pstmt = conn.prepareStatement(sql); |
160 | 144 |
|
161 |
pstmt.setString(1, id); |
|
145 |
pstmt.setString(1, guid);
|
|
162 | 146 |
pstmt.setString(2, principalName); |
163 | 147 |
|
164 | 148 |
String sqlReport = "XMLAccessAccess.getXMLAccessForPrincipal - SQL: " + sql; |
165 |
sqlReport += " [" + id + "," + principalName + "]"; |
|
149 |
sqlReport += " [" + guid + "," + principalName + "]";
|
|
166 | 150 |
|
167 | 151 |
logMetacat.info(sqlReport); |
168 | 152 |
|
... | ... | |
181 | 165 |
|
182 | 166 |
} catch (SQLException sqle) { |
183 | 167 |
throw new AccessException("XMLAccessAccess.getXMLAccessForPrincipal - SQL error when getting access " + |
184 |
" for id: " + id + ", principal: " + principalName + " : " + sqle.getMessage()); |
|
168 |
" for id: " + guid + ", principal: " + principalName + " : " + sqle.getMessage());
|
|
185 | 169 |
} catch (PermOrderException poe) { |
186 | 170 |
String errorStr = "XMLAccessAccess.getXMLAccessForPrincipal - Permission order error when getting " + |
187 |
"access record for id: " + id + ", principal: " + principalName + " : " + poe.getMessage(); |
|
171 |
"access record for id: " + guid + ", principal: " + principalName + " : " + poe.getMessage();
|
|
188 | 172 |
logMetacat.error(errorStr); |
189 | 173 |
throw new AccessException(errorStr); |
190 | 174 |
} finally { |
... | ... | |
195 | 179 |
/** |
196 | 180 |
* Get all xml access for a principal/permType/permOrder for a certain document |
197 | 181 |
* |
198 |
* @param id |
|
182 |
* @param guid
|
|
199 | 183 |
* the id of the document |
200 | 184 |
* @param principalName |
201 | 185 |
* the credentials of the principal in the database |
202 | 186 |
* @return an xml access DAO list |
203 | 187 |
*/ |
204 |
public Vector<XMLAccessDAO> getXMLAccessForPrincipal(String id, String principalName, String permType, String permOrder) |
|
188 |
public Vector<XMLAccessDAO> getXMLAccessForPrincipal(String guid, String principalName, String permType, String permOrder)
|
|
205 | 189 |
throws AccessException { |
206 | 190 |
|
207 | 191 |
Vector<XMLAccessDAO> xmlAccessList = new Vector<XMLAccessDAO>(); |
208 | 192 |
|
209 |
if (id == null) { |
|
193 |
if (guid == null) {
|
|
210 | 194 |
throw new AccessException("XMLAccessAccess.getXMLAccessForPrincipal - doc id " + |
211 | 195 |
"must be specified when selecting xml_access record"); |
212 | 196 |
} |
... | ... | |
231 | 215 |
conn = DBConnectionPool.getDBConnection("XMLAccessAccess.getXMLAccessForPrincipal"); |
232 | 216 |
serialNumber = conn.getCheckOutSerialNumber(); |
233 | 217 |
|
234 |
String sql = "SELECT * FROM xml_access WHERE " + idAttribute + " = ? AND principal_name = ? " +
|
|
218 |
String sql = "SELECT * FROM xml_access WHERE guid = ? AND principal_name = ? " +
|
|
235 | 219 |
"AND perm_type = ? AND perm_order = ?"; |
236 | 220 |
pstmt = conn.prepareStatement(sql); |
237 | 221 |
|
238 |
pstmt.setString(1, id); |
|
222 |
pstmt.setString(1, guid);
|
|
239 | 223 |
pstmt.setString(2, principalName); |
240 | 224 |
pstmt.setString(3, permType); |
241 | 225 |
pstmt.setString(4, permOrder); |
242 | 226 |
|
243 | 227 |
String sqlReport = "XMLAccessAccess.getXMLAccessForPrincipal - SQL: " + sql; |
244 |
sqlReport += " [" + id + "," + principalName + "," + permType + "," + permOrder + "]"; |
|
228 |
sqlReport += " [" + guid + "," + principalName + "," + permType + "," + permOrder + "]";
|
|
245 | 229 |
|
246 | 230 |
logMetacat.info(sqlReport); |
247 | 231 |
|
... | ... | |
259 | 243 |
|
260 | 244 |
} catch (SQLException sqle) { |
261 | 245 |
throw new AccessException("XMLAccessAccess.getXMLAccessForPrincipal - SQL error when getting access " + |
262 |
" for id: " + id + ", principal: " + principalName + " : " + sqle.getMessage()); |
|
246 |
" for id: " + guid + ", principal: " + principalName + " : " + sqle.getMessage());
|
|
263 | 247 |
} catch (PermOrderException poe) { |
264 | 248 |
String errorStr = "XMLAccessAccess.getXMLAccessForPrincipal - Permission order error when getting " + |
265 |
"access record for id: " + id + ", principal: " + principalName + " : " + poe.getMessage(); |
|
249 |
"access record for id: " + guid + ", principal: " + principalName + " : " + poe.getMessage();
|
|
266 | 250 |
logMetacat.error(errorStr); |
267 | 251 |
throw new AccessException(errorStr); |
268 | 252 |
} finally { |
... | ... | |
275 | 259 |
* principal already exists, bitwise OR the permission to the existing |
276 | 260 |
* permission and update. |
277 | 261 |
* |
278 |
* @param id |
|
262 |
* @param guid
|
|
279 | 263 |
* document id |
280 | 264 |
* @param principalName |
281 | 265 |
* principal credentials |
... | ... | |
286 | 270 |
* @param permOrder |
287 | 271 |
* permission order |
288 | 272 |
*/ |
289 |
public void addXMLAccess(String id, String principalName, Long permission, String permType, |
|
273 |
public void addXMLAccess(String guid, String principalName, Long permission, String permType,
|
|
290 | 274 |
String permOrder, String accessFileId, String subTreeId) throws AccessException, PermOrderException { |
291 | 275 |
|
292 |
permOrderConflict(id, permOrder); |
|
276 |
permOrderConflict(guid, permOrder);
|
|
293 | 277 |
|
294 | 278 |
Vector<XMLAccessDAO> xmlAccessList = |
295 |
getXMLAccessForPrincipal(id, principalName, permType, permOrder); |
|
279 |
getXMLAccessForPrincipal(guid, principalName, permType, permOrder);
|
|
296 | 280 |
|
297 | 281 |
// if more than one record exists for this principal on this document with the same |
298 | 282 |
// access type / access order combination, call cleanup to combine common access and then |
299 | 283 |
// re-retrieve the access list. |
300 | 284 |
if (xmlAccessList.size() == 0) { |
301 |
insertXMLAccess(id, principalName, permission, permType, permOrder, accessFileId, subTreeId); |
|
285 |
insertXMLAccess(guid, principalName, permission, permType, permOrder, accessFileId, subTreeId);
|
|
302 | 286 |
return; |
303 | 287 |
} |
304 | 288 |
|
305 | 289 |
if (xmlAccessList.size() > 1) { |
306 | 290 |
cleanupXMLAccessForPrincipal(xmlAccessList); |
307 |
xmlAccessList = getXMLAccessForPrincipal(id, principalName, permType, permOrder); |
|
291 |
xmlAccessList = getXMLAccessForPrincipal(guid, principalName, permType, permOrder);
|
|
308 | 292 |
} |
309 | 293 |
|
310 | 294 |
if (xmlAccessList.size() == 0) { |
311 | 295 |
throw new AccessException("XMLAccessAccess.addXMLAccess - xml access list is empty when " + |
312 |
"it shouldn't be for id: " + id + ", prinicpal name: " + principalName + ", perm type " + |
|
296 |
"it shouldn't be for id: " + guid + ", prinicpal name: " + principalName + ", perm type " +
|
|
313 | 297 |
permType + ", perm order: " + permOrder); |
314 | 298 |
} |
315 | 299 |
|
... | ... | |
319 | 303 |
//trying to add, update the access record with the existing permission bitwis OR-ed with our |
320 | 304 |
// new permission |
321 | 305 |
if ((xmlAccessDAO.getPermission() & permission) != permission) { |
322 |
updateXMLAccessPermission(id, principalName, xmlAccessDAO.getPermission() | permission); |
|
306 |
updateXMLAccessPermission(guid, principalName, xmlAccessDAO.getPermission() | permission);
|
|
323 | 307 |
} |
324 | 308 |
} |
325 | 309 |
|
... | ... | |
332 | 316 |
* @param xmlAccessList |
333 | 317 |
* list of xml access dao objects that hold new access for the document |
334 | 318 |
*/ |
335 |
public void replaceAccess(String id, List<XMLAccessDAO> xmlAccessList) throws AccessException { |
|
336 |
deleteXMLAccessForDoc(id); |
|
319 |
public void replaceAccess(String guid, List<XMLAccessDAO> xmlAccessList) throws AccessException {
|
|
320 |
deleteXMLAccessForDoc(guid);
|
|
337 | 321 |
|
322 |
insertAccess(guid, xmlAccessList); |
|
323 |
} |
|
324 |
|
|
325 |
/** |
|
326 |
* Set permissions for a given document. This means first removing all access control for the |
|
327 |
* document and then adding the given rules. |
|
328 |
* |
|
329 |
* @param id |
|
330 |
* document id |
|
331 |
* @param xmlAccessList |
|
332 |
* list of xml access dao objects that hold new access for the document |
|
333 |
*/ |
|
334 |
public void insertAccess(String guid, List<XMLAccessDAO> xmlAccessList) throws AccessException { |
|
335 |
|
|
338 | 336 |
// if more than one record exists for this principal on this document with the same |
339 | 337 |
// access type / access order combination, call cleanup to combine common access and then |
340 | 338 |
// re-retrieve the access list. |
341 | 339 |
for(XMLAccessDAO xmlAccessDAO : xmlAccessList) { |
342 |
insertXMLAccess(id, xmlAccessDAO.getPrincipalName(), xmlAccessDAO.getPermission(), |
|
340 |
insertXMLAccess(guid, xmlAccessDAO.getPrincipalName(), xmlAccessDAO.getPermission(),
|
|
343 | 341 |
xmlAccessDAO.getPermType(), xmlAccessDAO.getPermOrder(), xmlAccessDAO.getAccessFileId(), xmlAccessDAO.getSubTreeId()); |
344 | 342 |
} |
345 | 343 |
} |
... | ... | |
360 | 358 |
* @param permOrder |
361 | 359 |
* permission order |
362 | 360 |
*/ |
363 |
private void insertXMLAccess(String id, String principalName, Long permission, String permType, |
|
361 |
private void insertXMLAccess(String guid, String principalName, Long permission, String permType,
|
|
364 | 362 |
String permOrder, String accessFileId, String subTreeId) throws AccessException { |
365 | 363 |
//System.out.println("permission in insertXMLAccess: " + permission); |
366 | 364 |
try |
... | ... | |
376 | 374 |
logMetacat.warn(e.getMessage()); |
377 | 375 |
} |
378 | 376 |
|
379 |
if (id == null) { |
|
377 |
if (guid == null) {
|
|
380 | 378 |
throw new AccessException("XMLAccessAccess.insertXMLAccess - id is required when " + |
381 | 379 |
"inserting XML access record"); |
382 | 380 |
} |
... | ... | |
405 | 403 |
serialNumber = conn.getCheckOutSerialNumber(); |
406 | 404 |
|
407 | 405 |
String sql = "INSERT INTO xml_access " + |
408 |
"(docid, guid, principal_name, permission, perm_type, perm_order, accessfileid, subtreeid ) " +
|
|
409 |
"VALUES (?,?,?,?,?,?,?,?)";
|
|
406 |
"(guid, principal_name, permission, perm_type, perm_order, accessfileid, subtreeid ) " + |
|
407 |
"VALUES (?,?,?,?,?,?,?)"; |
|
410 | 408 |
pstmt = conn.prepareStatement(sql); |
411 | 409 |
|
412 |
String guid = null; |
|
413 |
String docid = null; |
|
414 |
if (idAttribute.equals(GUID)) { |
|
415 |
guid = id; |
|
416 |
try { |
|
417 |
String localId = IdentifierManager.getInstance().getLocalId(id); |
|
418 |
// Parse the localId into scope and rev parts, strip off the rev |
|
419 |
AccessionNumber acc = new AccessionNumber(localId, "NOACTION"); |
|
420 |
docid = acc.getDocid(); |
|
421 |
} catch (McdbDocNotFoundException e) { |
|
422 |
//ignore |
|
423 |
logMetacat.warn("No local id mapping found for guid: " + id); |
|
424 |
} catch (NumberFormatException e) { |
|
425 |
logMetacat.warn("LocalId could not be parsed for guid: " + id); |
|
426 |
} catch (AccessionNumberException e) { |
|
427 |
logMetacat.warn("LocalId could not be parsed for guid: " + id); |
|
428 |
} |
|
429 |
} else { |
|
430 |
int rev = DBUtil.getLatestRevisionInDocumentTable(id); |
|
431 |
try { |
|
432 |
guid = IdentifierManager.getInstance().getGUID(id, rev); |
|
433 |
} catch (McdbDocNotFoundException e) { |
|
434 |
//ignore |
|
435 |
logMetacat.warn("No guid mapping found for docid: " + id + "." + rev); |
|
436 |
} |
|
437 |
docid = id; |
|
438 |
} |
|
439 | 410 |
|
440 | 411 |
// Bind the values to the query |
441 |
pstmt.setString(1, docid); |
|
442 |
pstmt.setString(2, guid); |
|
443 |
pstmt.setString(3, principalName); |
|
444 |
pstmt.setLong(4, permission); |
|
445 |
pstmt.setString(5, permType); |
|
446 |
pstmt.setString(6, permOrder); |
|
447 |
pstmt.setString(7, accessFileId); |
|
448 |
pstmt.setString(8, subTreeId); |
|
412 |
pstmt.setString(1, guid); |
|
413 |
pstmt.setString(2, principalName); |
|
414 |
pstmt.setLong(3, permission); |
|
415 |
pstmt.setString(4, permType); |
|
416 |
pstmt.setString(5, permOrder); |
|
417 |
pstmt.setString(6, accessFileId); |
|
418 |
pstmt.setString(7, subTreeId); |
|
449 | 419 |
|
450 | 420 |
String sqlReport = "XMLAccessAccess.insertXMLAccess - SQL: " + sql; |
451 |
sqlReport += " [" + docid + "," + guid + "," + principalName + "," + permission + "," + permType + "," + permOrder + "]";
|
|
421 |
sqlReport += " [" + guid + "," + principalName + "," + permission + "," + permType + "," + permOrder + "]"; |
|
452 | 422 |
|
453 | 423 |
logMetacat.info(sqlReport); |
454 | 424 |
|
455 | 425 |
pstmt.execute(); |
456 | 426 |
} catch (SQLException sqle) { |
457 | 427 |
throw new AccessException("XMLAccessAccess.insertXMLAccess - SQL error when inserting" |
458 |
+ "xml access permissions for id: " + id + ", principal: " + |
|
428 |
+ "xml access permissions for id: " + guid + ", principal: " +
|
|
459 | 429 |
principalName + ":" + sqle.getMessage()); |
460 | 430 |
} finally { |
461 | 431 |
closeDBObjects(pstmt, conn, serialNumber, logMetacat); |
... | ... | |
466 | 436 |
* Update existing xml access permissions in the db. The permission value should be the combined |
467 | 437 |
* value of pre-existing permissions plus new permissions. |
468 | 438 |
* |
469 |
* @param id |
|
439 |
* @param guid
|
|
470 | 440 |
* document id |
471 | 441 |
* @param principalName |
472 | 442 |
* principal credentials |
473 | 443 |
* @param permission |
474 | 444 |
* permission bitmap |
475 | 445 |
*/ |
476 |
private void updateXMLAccessPermission(String id, String principalName, Long permission) |
|
446 |
private void updateXMLAccessPermission(String guid, String principalName, Long permission)
|
|
477 | 447 |
throws AccessException { |
478 |
if (id == null) { |
|
448 |
if (guid == null) {
|
|
479 | 449 |
throw new AccessException("XMLAccessAccess.updateXMLAccessPermission - id is required when " + |
480 | 450 |
"updating XML access record"); |
481 | 451 |
} |
... | ... | |
497 | 467 |
serialNumber = conn.getCheckOutSerialNumber(); |
498 | 468 |
|
499 | 469 |
String sql = "UPDATE xml_access SET permission = ?" + |
500 |
"WHERE " + idAttribute + " = ? AND principal_name = ?";
|
|
470 |
"WHERE guid = ? AND principal_name = ?";
|
|
501 | 471 |
pstmt = conn.prepareStatement(sql); |
502 | 472 |
|
503 | 473 |
// Bind the values to the query |
504 | 474 |
pstmt.setLong(1, permission); |
505 |
pstmt.setString(2, id); |
|
475 |
pstmt.setString(2, guid);
|
|
506 | 476 |
pstmt.setString(3, principalName); |
507 | 477 |
|
508 | 478 |
String sqlReport = "XMLAccessAccess.updateXMLAccessPermission - SQL: " + sql; |
509 |
sqlReport += " [" + permission + "," + id + "," + principalName + "]"; |
|
479 |
sqlReport += " [" + permission + "," + guid + "," + principalName + "]";
|
|
510 | 480 |
|
511 | 481 |
logMetacat.info(sqlReport); |
512 | 482 |
|
513 | 483 |
pstmt.execute(); |
514 | 484 |
} catch (SQLException sqle) { |
515 | 485 |
throw new AccessException("XMLAccessAccess.updateXMLAccessPermission - SQL error when updating" |
516 |
+ "xml access permissions for id: " + id + ", principal: " + |
|
486 |
+ "xml access permissions for id: " + guid + ", principal: " +
|
|
517 | 487 |
principalName + ":" + sqle.getMessage()); |
518 | 488 |
} finally { |
519 | 489 |
closeDBObjects(pstmt, conn, serialNumber, logMetacat); |
... | ... | |
526 | 496 |
* for a given document. If the provided permission is exactly the same as what |
527 | 497 |
* the principal has, the record is deleted from the database. |
528 | 498 |
* |
529 |
* @param id |
|
499 |
* @param guid
|
|
530 | 500 |
* document id |
531 | 501 |
* @param principalName |
532 | 502 |
* principal credentials |
533 | 503 |
*/ |
534 |
public void removeXMLAccessForPrincipal(String id, String principalName, Long permission) throws AccessException { |
|
535 |
if (id == null) { |
|
504 |
public void removeXMLAccessForPrincipal(String guid, String principalName, Long permission) throws AccessException {
|
|
505 |
if (guid == null) {
|
|
536 | 506 |
throw new AccessException("XMLAccessAccess.removeXMLAccessForPrincipal - id is required when " + |
537 | 507 |
"removing XML access"); |
538 | 508 |
} |
... | ... | |
545 | 515 |
"updating XML access"); |
546 | 516 |
} |
547 | 517 |
|
548 |
Vector<XMLAccessDAO> xmlAccessList = getXMLAccessForPrincipal(id, principalName); |
|
518 |
Vector<XMLAccessDAO> xmlAccessList = getXMLAccessForPrincipal(guid, principalName);
|
|
549 | 519 |
if (xmlAccessList.size() == 0) { |
550 | 520 |
logMetacat.warn("XMLAccessAccess.removeXMLAccessForPrincipal - attempting to remove access when no " + |
551 |
"access record exists for id: " + id + ", principal: " + principalName); |
|
521 |
"access record exists for id: " + guid + ", principal: " + principalName);
|
|
552 | 522 |
} else { |
553 | 523 |
long permissionMask = 0; |
554 | 524 |
for (XMLAccessDAO xmlAccessDAO : xmlAccessList) { |
... | ... | |
559 | 529 |
// in this case, the only existing permissions are the ones we want to remove, so |
560 | 530 |
// delete the record(s) for this principal on this document |
561 | 531 |
if ((permissionMask & permission) == permission) { |
562 |
deleteXMLAccessForPrincipal(id, principalName); |
|
532 |
deleteXMLAccessForPrincipal(guid, principalName);
|
|
563 | 533 |
} |
564 | 534 |
|
565 | 535 |
if (xmlAccessList.size() > 1) { |
566 | 536 |
|
567 | 537 |
} else { |
568 |
updateXMLAccessPermission(id, principalName, permission); |
|
538 |
updateXMLAccessPermission(guid, principalName, permission);
|
|
569 | 539 |
} |
570 | 540 |
} |
571 | 541 |
|
... | ... | |
577 | 547 |
* @param id |
578 | 548 |
* document id |
579 | 549 |
*/ |
580 |
public void deleteXMLAccessForDoc(String id) throws AccessException { |
|
581 |
if (id == null) { |
|
550 |
public void deleteXMLAccessForDoc(String guid) throws AccessException {
|
|
551 |
if (guid == null) {
|
|
582 | 552 |
throw new AccessException("XMLAccessAccess.deleteXMLAccessForPrincipal - id is required when " + |
583 | 553 |
"deleting XML access record"); |
584 | 554 |
} |
... | ... | |
588 | 558 |
int serialNumber = -1; |
589 | 559 |
try { |
590 | 560 |
|
591 |
String guid = null; |
|
592 |
String docid = null; |
|
593 |
if (idAttribute.equals(GUID)) { |
|
594 |
guid = id; |
|
595 |
try { |
|
596 |
String localId = IdentifierManager.getInstance().getLocalId(id); |
|
597 |
// Parse the localId into scope and rev parts, strip off the rev |
|
598 |
AccessionNumber acc = new AccessionNumber(localId, "NOACTION"); |
|
599 |
docid = acc.getDocid(); |
|
600 |
} catch (McdbDocNotFoundException e) { |
|
601 |
//ignore |
|
602 |
logMetacat.warn("No local id mapping found for guid: " + id); |
|
603 |
} catch (NumberFormatException e) { |
|
604 |
logMetacat.warn("LocalId could not be parsed for guid: " + id); |
|
605 |
} catch (AccessionNumberException e) { |
|
606 |
logMetacat.warn("LocalId could not be parsed for guid: " + id); |
|
607 |
} |
|
608 |
} else { |
|
609 |
int rev = DBUtil.getLatestRevisionInDocumentTable(id); |
|
610 |
try { |
|
611 |
guid = IdentifierManager.getInstance().getGUID(id, rev); |
|
612 |
} catch (McdbDocNotFoundException e) { |
|
613 |
//ignore |
|
614 |
logMetacat.warn("No guid mapping found for docid: " + id + "." + rev); |
|
615 |
} |
|
616 |
docid = id; |
|
617 |
} |
|
618 |
|
|
619 | 561 |
// check out DBConnection |
620 | 562 |
conn = DBConnectionPool.getDBConnection("XMLAccessAccess.deleteXMLAccessForDoc"); |
621 | 563 |
serialNumber = conn.getCheckOutSerialNumber(); |
622 | 564 |
|
623 |
String sql = "DELETE FROM xml_access WHERE docid = ? OR guid = ?";
|
|
565 |
String sql = "DELETE FROM xml_access WHERE guid = ?"; |
|
624 | 566 |
pstmt = conn.prepareStatement(sql); |
625 | 567 |
|
626 | 568 |
// Bind the values to the query |
627 |
pstmt.setString(1, docid); |
|
628 |
pstmt.setString(2, guid); |
|
569 |
pstmt.setString(1, guid); |
|
629 | 570 |
|
630 |
|
|
631 | 571 |
String sqlReport = "XMLAccessAccess.deleteXMLAccessForDoc - SQL: " + sql; |
632 |
sqlReport += " [" + id + "]"; |
|
572 |
sqlReport += " [" + guid + "]";
|
|
633 | 573 |
|
634 | 574 |
logMetacat.info(sqlReport); |
635 | 575 |
|
636 | 576 |
pstmt.execute(); |
637 | 577 |
} catch (SQLException sqle) { |
638 | 578 |
throw new AccessException("XMLAccessAccess.deleteXMLAccessForDoc - SQL error when deleting" |
639 |
+ "xml access permissions for id: " + id + ":" + sqle.getMessage()); |
|
579 |
+ "xml access permissions for id: " + guid + ":" + sqle.getMessage());
|
|
640 | 580 |
} finally { |
641 | 581 |
closeDBObjects(pstmt, conn, serialNumber, logMetacat); |
642 | 582 |
} |
... | ... | |
646 | 586 |
* Delete xml access. This removes all access records from the database for a principal |
647 | 587 |
* for a given document |
648 | 588 |
* |
649 |
* @param id |
|
589 |
* @param guid
|
|
650 | 590 |
* document id |
651 | 591 |
* @param principal |
652 | 592 |
* principal credentials |
653 | 593 |
*/ |
654 |
private void deleteXMLAccessForPrincipal(String id, String principalName) throws AccessException { |
|
655 |
if (id == null) { |
|
594 |
private void deleteXMLAccessForPrincipal(String guid, String principalName) throws AccessException {
|
|
595 |
if (guid == null) {
|
|
656 | 596 |
throw new AccessException("XMLAccessAccess.deleteXMLAccessForPrincipal - id is required when " + |
657 | 597 |
"deleting XML access record"); |
658 | 598 |
} |
... | ... | |
669 | 609 |
conn = DBConnectionPool.getDBConnection("XMLAccessAccess.deleteXMLAccessForPrincipal"); |
670 | 610 |
serialNumber = conn.getCheckOutSerialNumber(); |
671 | 611 |
|
672 |
String sql = "DELETE FROM xml_access WHERE " + idAttribute + " = ? AND principal_name = ?";
|
|
612 |
String sql = "DELETE FROM xml_access WHERE guid = ? AND principal_name = ?";
|
|
673 | 613 |
pstmt = conn.prepareStatement(sql); |
674 | 614 |
|
675 | 615 |
// Bind the values to the query |
676 |
pstmt.setString(1, id); |
|
616 |
pstmt.setString(1, guid);
|
|
677 | 617 |
pstmt.setString(2, principalName); |
678 | 618 |
|
679 | 619 |
String sqlReport = "XMLAccessAccess.deleteXMLAccessForPrincipal - SQL: " + sql; |
680 |
sqlReport += " [" + id + "," + principalName + "]"; |
|
620 |
sqlReport += " [" + guid + "," + principalName + "]";
|
|
681 | 621 |
|
682 | 622 |
logMetacat.info(sqlReport); |
683 | 623 |
|
684 | 624 |
pstmt.execute(); |
685 | 625 |
} catch (SQLException sqle) { |
686 | 626 |
throw new AccessException("XMLAccessAccess.deleteXMLAccessForPrincipal - SQL error when deleting" |
687 |
+ "xml access permissions for id: " + id + ", principal: " + |
|
627 |
+ "xml access permissions for id: " + guid + ", principal: " +
|
|
688 | 628 |
principalName + ":" + sqle.getMessage()); |
689 | 629 |
} finally { |
690 | 630 |
closeDBObjects(pstmt, conn, serialNumber, logMetacat); |
... | ... | |
692 | 632 |
} |
693 | 633 |
|
694 | 634 |
/** |
635 |
* Delete xml access. This removes all access records from the database for a principal |
|
636 |
* for a given document |
|
637 |
* |
|
638 |
* @param guid |
|
639 |
* document id |
|
640 |
* @param principal |
|
641 |
* principal credentials |
|
642 |
*/ |
|
643 |
public void deleteXMLAccessForDoc(String guid, String permType) throws AccessException { |
|
644 |
if (guid == null) { |
|
645 |
throw new AccessException("XMLAccessAccess.deleteXMLAccessForDoc - id is required when " + |
|
646 |
"deleting XML access record"); |
|
647 |
} |
|
648 |
if (permType == null) { |
|
649 |
throw new AccessException("XMLAccessAccess.deleteXMLAccessForDoc - permType is required when " + |
|
650 |
"deleting XML access record"); |
|
651 |
} |
|
652 |
|
|
653 |
PreparedStatement pstmt = null; |
|
654 |
DBConnection conn = null; |
|
655 |
int serialNumber = -1; |
|
656 |
try { |
|
657 |
// check out DBConnection |
|
658 |
conn = DBConnectionPool.getDBConnection("XMLAccessAccess.deleteXMLAccessForDoc"); |
|
659 |
serialNumber = conn.getCheckOutSerialNumber(); |
|
660 |
|
|
661 |
String sql = "DELETE FROM xml_access WHERE guid = ? AND perm_type = ?"; |
|
662 |
pstmt = conn.prepareStatement(sql); |
|
663 |
|
|
664 |
// Bind the values to the query |
|
665 |
pstmt.setString(1, guid); |
|
666 |
pstmt.setString(2, permType); |
|
667 |
|
|
668 |
String sqlReport = "XMLAccessAccess.deleteXMLAccessForDoc - SQL: " + sql; |
|
669 |
sqlReport += " [" + guid + "," + permType + "]"; |
|
670 |
|
|
671 |
logMetacat.info(sqlReport); |
|
672 |
|
|
673 |
pstmt.execute(); |
|
674 |
} catch (SQLException sqle) { |
|
675 |
throw new AccessException("XMLAccessAccess.deleteXMLAccessForDoc - SQL error when deleting" |
|
676 |
+ "xml access permissions for id: " + guid + ", permType: " + |
|
677 |
permType + ":" + sqle.getMessage()); |
|
678 |
} finally { |
|
679 |
closeDBObjects(pstmt, conn, serialNumber, logMetacat); |
|
680 |
} |
|
681 |
} |
|
682 |
|
|
683 |
/** |
|
695 | 684 |
* Checks to see if there is a permission order conflict for a given document. Each |
696 | 685 |
* document is only allowed to have a single permission order |
697 | 686 |
* |
698 |
* @param id |
|
687 |
* @param guid
|
|
699 | 688 |
* document id |
700 | 689 |
* @param principal |
701 | 690 |
* principal credentials |
702 | 691 |
*/ |
703 |
private void permOrderConflict(String id, String permOrder) throws AccessException, PermOrderException { |
|
704 |
if (id == null) { |
|
692 |
private void permOrderConflict(String guid, String permOrder) throws AccessException, PermOrderException {
|
|
693 |
if (guid == null) {
|
|
705 | 694 |
throw new AccessException("XMLAccessAccess.permOrderConflict - id is required when " + |
706 | 695 |
"determining perm order conflict"); |
707 | 696 |
} |
... | ... | |
718 | 707 |
conn = DBConnectionPool.getDBConnection("XMLAccessAccess.permOrderConflict"); |
719 | 708 |
serialNumber = conn.getCheckOutSerialNumber(); |
720 | 709 |
|
721 |
String sql = "SELECT * FROM xml_access WHERE " + idAttribute + " = ? AND perm_order != ?";
|
|
710 |
String sql = "SELECT * FROM xml_access WHERE guid = ? AND perm_order != ?";
|
|
722 | 711 |
pstmt = conn.prepareStatement(sql); |
723 | 712 |
|
724 | 713 |
// Bind the values to the query |
725 |
pstmt.setString(1, id); |
|
714 |
pstmt.setString(1, guid);
|
|
726 | 715 |
pstmt.setString(2, permOrder); |
727 | 716 |
|
728 | 717 |
String sqlReport = "XMLAccessAccess.permOrderConflict - SQL: " + sql; |
729 |
sqlReport += " [" + id + "," + permOrder + "]"; |
|
718 |
sqlReport += " [" + guid + "," + permOrder + "]";
|
|
730 | 719 |
|
731 | 720 |
logMetacat.info(sqlReport); |
732 | 721 |
|
... | ... | |
735 | 724 |
ResultSet resultSet = pstmt.getResultSet(); |
736 | 725 |
if (resultSet.next()) { |
737 | 726 |
throw new PermOrderException("XMLAccessAccess.addXMLAccess - cannot add permission " + |
738 |
"record for id: " + id + "with permOrder: " + permOrder + " due to permOrder conflict"); |
|
727 |
"record for id: " + guid + "with permOrder: " + permOrder + " due to permOrder conflict");
|
|
739 | 728 |
} |
740 | 729 |
} catch (SQLException sqle) { |
741 | 730 |
throw new AccessException("XMLAccessAccess.permOrderConflict - SQL error when checking" |
742 |
+ "for perm order conflict on: " + id + ":" + sqle.getMessage()); |
|
731 |
+ "for perm order conflict on: " + guid + ":" + sqle.getMessage());
|
|
743 | 732 |
} finally { |
744 | 733 |
closeDBObjects(pstmt, conn, serialNumber, logMetacat); |
745 | 734 |
} |
... | ... | |
750 | 739 |
* Delete xml access. This removes all access records from the database for a principal |
751 | 740 |
* for a given document, perm type and perm order |
752 | 741 |
* |
753 |
* @param id |
|
742 |
* @param guid
|
|
754 | 743 |
* document id |
755 | 744 |
* @param principal |
756 | 745 |
* principal credentials |
757 | 746 |
*/ |
758 |
private void deleteXMLAccessForPrincipal(String id, String principalName, String permType, String permOrder) throws AccessException { |
|
759 |
if (id == null) { |
|
747 |
private void deleteXMLAccessForPrincipal(String guid, String principalName, String permType, String permOrder) throws AccessException {
|
|
748 |
if (guid == null) {
|
|
760 | 749 |
throw new AccessException("XMLAccessAccess.deleteXMLAccessForPrincipal - id is required when " + |
761 | 750 |
"deleting XML access record"); |
762 | 751 |
} |
... | ... | |
783 | 772 |
conn = DBConnectionPool.getDBConnection("XMLAccessAccess.deleteXMLAccessForPrincipal"); |
784 | 773 |
serialNumber = conn.getCheckOutSerialNumber(); |
785 | 774 |
|
786 |
String sql = "DELETE FROM xml_access WHERE " + idAttribute + " = ? AND principal_name = ? " +
|
|
775 |
String sql = "DELETE FROM xml_access WHERE guid = ? AND principal_name = ? " +
|
|
787 | 776 |
"AND perm_type = ? AND perm_order = ?"; |
788 | 777 |
pstmt = conn.prepareStatement(sql); |
789 | 778 |
|
790 | 779 |
// Bind the values to the query |
791 |
pstmt.setString(1, id); |
|
780 |
pstmt.setString(1, guid);
|
|
792 | 781 |
pstmt.setString(2, principalName); |
793 | 782 |
pstmt.setString(3, permType); |
794 | 783 |
pstmt.setString(4, permOrder); |
795 | 784 |
|
796 | 785 |
String sqlReport = "XMLAccessAccess.deleteXMLAccessForPrincipal - SQL: " + sql; |
797 |
sqlReport += " [" + id + "," + principalName + "," + permType + "," + permOrder + "]"; |
|
786 |
sqlReport += " [" + guid + "," + principalName + "," + permType + "," + permOrder + "]";
|
|
798 | 787 |
|
799 | 788 |
logMetacat.info(sqlReport); |
800 | 789 |
|
801 | 790 |
pstmt.execute(); |
802 | 791 |
} catch (SQLException sqle) { |
803 | 792 |
throw new AccessException("XMLAccessAccess.deleteXMLAccessForPrincipal - SQL error when deleting" |
804 |
+ "xml access permissions for id: " + id + ", principal: " + |
|
793 |
+ "xml access permissions for id: " + guid + ", principal: " +
|
|
805 | 794 |
principalName + ":" + sqle.getMessage()); |
806 | 795 |
} finally { |
807 | 796 |
closeDBObjects(pstmt, conn, serialNumber, logMetacat); |
... | ... | |
822 | 811 |
int numDenyRecords = 0; |
823 | 812 |
long allowPermissionMask = 0; |
824 | 813 |
long denyPermissionMask = 0; |
825 |
String id = null; |
|
814 |
String guid = null;
|
|
826 | 815 |
String principalName = null; |
827 | 816 |
String permType = null; |
828 | 817 |
String permOrder = null; |
... | ... | |
834 | 823 |
// iterate through the list of access dao objects and bttwise or the permissions. Most |
835 | 824 |
// of this is just doing some error checking to make sure each record is valid. |
836 | 825 |
for (XMLAccessDAO xmlAccessDAO : xmlAccessList) { |
837 |
String daoId = xmlAccessDAO.getDocId(); |
|
838 |
if (idAttribute.equals(GUID)) { |
|
839 |
daoId = xmlAccessDAO.getGuid(); |
|
840 |
} |
|
841 |
if (id == null) { |
|
842 |
id = daoId; |
|
826 |
String daoId = xmlAccessDAO.getGuid(); |
|
827 |
if (guid == null) { |
|
828 |
guid = daoId; |
|
843 | 829 |
} else { |
844 |
if (!id.equals(daoId)) { |
|
830 |
if (!guid.equals(daoId)) {
|
|
845 | 831 |
throw new AccessException("XMLAccessAccess.cleanupXMLAccessForPrincipal - " + |
846 |
" Conflicting ids " + daoId + " and " + id); |
|
832 |
" Conflicting ids " + daoId + " and " + guid);
|
|
847 | 833 |
} |
848 | 834 |
} |
849 | 835 |
if (principalName == null) { |
... | ... | |
900 | 886 |
// if there was more than one allow record, remove all allow records for this user on this doc |
901 | 887 |
// with this perm type and perm order then insert a single record |
902 | 888 |
if (numAllowRecords > 1) { |
903 |
deleteXMLAccessForPrincipal(id, principalName, AccessControlInterface.ALLOW, permOrder); |
|
904 |
insertXMLAccess(id, principalName, allowPermissionMask, AccessControlInterface.ALLOW, permOrder, accessFileId, subTreeId); |
|
889 |
deleteXMLAccessForPrincipal(guid, principalName, AccessControlInterface.ALLOW, permOrder);
|
|
890 |
insertXMLAccess(guid, principalName, allowPermissionMask, AccessControlInterface.ALLOW, permOrder, accessFileId, subTreeId);
|
|
905 | 891 |
} |
906 | 892 |
// if there was more than one deny record, remove all deny records for this user on this doc |
907 | 893 |
// with this perm type and perm order then insert a single record |
908 | 894 |
if (numDenyRecords > 1) { |
909 |
deleteXMLAccessForPrincipal(id, principalName, AccessControlInterface.DENY, permOrder); |
|
910 |
insertXMLAccess(id, principalName, denyPermissionMask, AccessControlInterface.DENY, permOrder, accessFileId, subTreeId); |
|
895 |
deleteXMLAccessForPrincipal(guid, principalName, AccessControlInterface.DENY, permOrder);
|
|
896 |
insertXMLAccess(guid, principalName, denyPermissionMask, AccessControlInterface.DENY, permOrder, accessFileId, subTreeId);
|
|
911 | 897 |
} |
912 | 898 |
} |
913 | 899 |
|
... | ... | |
921 | 907 |
private void validateDocXMLAccessList(Vector<XMLAccessDAO> xmlAccessList) throws PermOrderException { |
922 | 908 |
String permOrder = null; |
923 | 909 |
for(XMLAccessDAO xmlAccessDAO : xmlAccessList) { |
924 |
String daoId = xmlAccessDAO.getDocId(); |
|
925 |
if (idAttribute.equals(GUID)) { |
|
926 |
daoId = xmlAccessDAO.getGuid(); |
|
927 |
} |
|
910 |
String daoId = xmlAccessDAO.getGuid(); |
|
928 | 911 |
if (permOrder == null) { |
929 | 912 |
permOrder = xmlAccessDAO.getPermOrder(); |
930 | 913 |
} else { |
... | ... | |
949 | 932 |
|
950 | 933 |
boolean allowFirst = false; |
951 | 934 |
boolean denyFirst = false; |
952 |
String id = null; |
|
935 |
String guid = null;
|
|
953 | 936 |
|
954 | 937 |
// These vectors will hold all combinations of access DAOs with different permission |
955 | 938 |
// orders and permission types. |
... | ... | |
960 | 943 |
|
961 | 944 |
// sort the access dao records into the appropriate vector |
962 | 945 |
for(XMLAccessDAO xmlAccessDAO : xmlAccessList) { |
963 |
String daoId = xmlAccessDAO.getDocId();
|
|
964 |
if (idAttribute.equals(GUID)) {
|
|
965 |
daoId = xmlAccessDAO.getGuid();
|
|
946 |
String daoId = xmlAccessDAO.getGuid();
|
|
947 |
if (guid == null) {
|
|
948 |
guid = daoId;
|
|
966 | 949 |
} |
967 |
if (id == null) { |
|
968 |
id = daoId; |
|
969 |
} |
|
970 | 950 |
if (xmlAccessDAO.getPermOrder().equals(AccessControlInterface.ALLOWFIRST)) { |
971 | 951 |
allowFirst = true; |
972 | 952 |
if (xmlAccessDAO.getPermType().equals(AccessControlInterface.ALLOW)) { |
... | ... | |
1000 | 980 |
// document |
1001 | 981 |
if(allowFirst && denyFirst) { |
1002 | 982 |
throw new PermOrderException("XMLAccessAccess.validatePrincipalXMLAccessList - " + |
1003 |
" Conflicting permission orders for document " + id + |
|
983 |
" Conflicting permission orders for document " + guid +
|
|
1004 | 984 |
". Database intervention required "); |
1005 | 985 |
} |
1006 | 986 |
} |
... | ... | |
1015 | 995 |
protected XMLAccessDAO populateDAO(ResultSet resultSet) throws SQLException { |
1016 | 996 |
|
1017 | 997 |
XMLAccessDAO xmlAccessDAO = new XMLAccessDAO(); |
1018 |
xmlAccessDAO.setDocId(resultSet.getString(idAttribute));
|
|
998 |
xmlAccessDAO.setGuid(resultSet.getString("guid"));
|
|
1019 | 999 |
xmlAccessDAO.setAccessFileId(resultSet.getString("accessfileid")); |
1020 | 1000 |
xmlAccessDAO.setPrincipalName(resultSet.getString("principal_name")); |
1021 | 1001 |
xmlAccessDAO.setPermission(resultSet.getLong("permission")); |
Also available in: Unified diff
refactor Metacat access handling to be on a per-revision basis so that it more closely aligns with the DataONE approach
http://bugzilla.ecoinformatics.org/show_bug.cgi?id=5560