
Revision 684

Added by bojilova almost 24 years ago

Solving the problem with replication of access files, where access files were rejected by the replication servers.
In AccessControlList a check for serverCode is included,
so only on the local server is the connected user checked for having "all" permissions on the resources specified in it.
The replication servers don't need such a check because the connected users are always different there,
thus not owners of the replicated access file and not having "all" permissions on the resources.
Chad, you can try the replication now


src/edu/ucsb/nceas/metacat/DBSAXHandler.java
253 253
        try {
254 254
          AccessControlList aclobj = 
255 255
          new AccessControlList(dbconn, docid, new StringReader(xml),
256
                                user, group);
256
                                user, group, serverCode);
257 257
          dbconn.commit();
258 258
        } catch (SAXException e) {
259 259
          try {
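Review bot: The `serverCode` argument added to this `new AccessControlList(...)` call now decides whether the "all"-permission check on the ACL's resources runs at all, and nothing in the hunk shows where the value is set. It is worth confirming that DBSAXHandler takes it only from server-side state for the document (the Javadoc in AccessControlList describes it as the serverid from xml_replication) and never from anything a connected client supplies. If that holds, a comment at the call would record it: `// serverCode gates the ACL owner check in AccessControlList; take it from xml_replication, never from request data`. The enclosing try block begins and ends outside the hunk.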
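--- a/src/edu/ucsb/nceas/metacat/AccessControlList.java
+++ b/src/edu/ucsb/nceas/metacat/AccessControlList.java
@@ -82,14 +82,16 @@
   private String beginTime;
   private String endTime;
   private int    ticketCount;
+  private int    serverCode = 1;
   
   /**
    * Construct an instance of the AccessControlList class.
    * It is used by the permission check up from DBQuery and DocumentImpl
+   * and for "getaccesscontrol" action
    *
-   * @param conn the JDBC connection where acl data are loaded
+   * @param conn the JDBC connection where acl info is get
    */
-  public AccessControlList ( Connection conn ) throws SQLException
+  public AccessControlList(Connection conn) throws SQLException
   {
     this.conn = conn;
   }
@@ -99,11 +101,15 @@
    * It parse acl file and loads acl data into db connection.
    *
    * @param conn the JDBC connection where acl data are loaded
-   * @param docid the Accession# of the document with the acl data
+   * @param aclid the Accession# of the document with the acl data
    * @param acl the acl file containing acl data
+   * @param user the user connected to MetaCat servlet and owns the document
+   * @param group the group to which user belongs
+   * @param serverCode the serverid from xml_replication on which this document
+   *        resides.
    */
   public AccessControlList(Connection conn, String aclid, Reader acl,
-                           String user, String group)
+                           String user, String group, int serverCode)
                   throws SAXException, IOException, ClassNotFoundException 
   {
     // Get an instance of the parser
@@ -124,6 +130,7 @@
     this.principal = new Vector();
     this.permission = 0;
     this.ticketCount = 0;
+    this.serverCode = serverCode;
     
     // Initialize the parser and read the queryspec
     XMLReader parser = initializeParser();
@@ -144,7 +151,7 @@
                   throws SAXException, IOException, ClassNotFoundException 
   {
     this(conn, aclid, new FileReader(new File(aclfilename).toString()), 
-         user, group);
+         user, group, 1);
   }
   
   /* Set up the SAX parser for reading the XML serialized ACL */
@@ -241,21 +248,25 @@
       // collect them in Vector variables
       resourceID.addElement(docid);
       resourceURL.addElement(docurl);
-      // check permissions for @user on the current resource first
+      
+      // if it is the local server (originator of the document),
+      // check for permission for @user on resource is needed
       // @user must have permission "all" on it(docid)
-      boolean hasPermission = false;
-      try {
-        hasPermission = hasPermission("ALL",user,docid);
-        if ( !hasPermission && group != null ) {
-          hasPermission = hasPermission("ALL",group,docid);
+      if ( serverCode == 1 ) {
+        boolean hasPermission = false;
+        try {
+          hasPermission = hasPermission("ALL",user,docid);
+          if ( !hasPermission && group != null ) {
+            hasPermission = hasPermission("ALL",group,docid);
+          }
+        } catch (SQLException e) {
+          throw new SAXException(e.getMessage());
         }
-      } catch (SQLException e) {
-        throw new SAXException(e.getMessage());
+        if ( !hasPermission ) {
+          throw new SAXException(
+          "Permission denied for setting access control on " + docid);
+        }
       }
-      if ( !hasPermission ) {
-        throw new SAXException(
-         "Permission denied for setting access control on " + docid);
-      }
       // end of check for "all" perm on docid
   
     } else if (currentTag.equals("principal")) {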
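Review bot: The new guard `if ( serverCode == 1 )` in the resource branch skips the "all"-permission check for every value other than 1, so a zero, negative or otherwise unexpected code is treated like a trusted replication peer instead of being rejected. A named constant such as `private static final int LOCAL_SERVER_CODE = 1;` would make that trust decision explicit, together with a comment that the non-local path relies on the replication channel having authenticated the sending server, which this diff does not show. Checking that the code is a known server entry before skipping the check would be safer still. Separately, `throw new SAXException(e.getMessage());` discards the SQLException, whereas `throw new SAXException(e.getMessage(), e);` keeps the cause for whoever investigates a failed or denied ACL load. The enclosing handler method starts and ends outside the hunk.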
