Project

General

Profile

« Previous | Next » 

Revision 7407

Added by ben leinfelder over 11 years ago

simplify the xml_access query, and instead use guid to check for permission. Now the docid/rev join (to get most recent version for search results) happens "higher up" in the query.
http://bugzilla.ecoinformatics.org/show_bug.cgi?id=5696

View differences:

QuerySpecification.java
249 249 
    /*
250 250 
     * Method to get owner query. If it is owner it has all permission
251 251 
     */
252 
    private String createOwerQuery()
252 
    private String createOwnerQuery()
253 253 
    {
254 254 
        String ownerQuery = null;
255 255 
        //if user is public, we don't need to run owner query
......
272 272 
    {
273 273 
        String allowQuery = null;
274 274 
        String allowString = constructAllowString();
275 
        allowQuery = "SELECT id.docid from xml_access xa, identifier id, xml_documents xmld " +
276 
        		"WHERE id.guid = xa.guid AND id.docid = xmld.docid AND id.rev = xmld.rev AND ( " + allowString;
275 
        allowQuery = "SELECT guid from xml_access  " +
276 
        		"WHERE ( " + allowString;
277 277 
        allowQuery = allowQuery + ")";
278 278 
        logMetacat.info("QuerySpecification.createAllowRuleQuery - allow query is: " + allowQuery);
279 279 
        return allowQuery;
......
320 320 
    {
321 321 
        String denyQuery = null;
322 322 
        String denyString = constructDenyString();
323 
        denyQuery = "SELECT id.docid from xml_access xa, identifier id, xml_documents xmld " +
324 
        		"WHERE id.guid = xa.guid AND id.docid = xmld.docid AND id.rev = xmld.rev AND ( " + denyString;
323 
        denyQuery = "SELECT guid from xml_access " +
324 
        		"WHERE ( " + denyString;
325 325 
        denyQuery = denyQuery + ") ";
326 326 
        logMetacat.info("QuerySpecification.createDenyRuleQuery - denyquery is: " + denyQuery);
327 327 
        return denyQuery;
......
370 370 
    public String getAccessQuery()
371 371 
    {
372 372 
        String accessQuery = null;
373 
        String onwer = createOwerQuery();
373 
        String owner = createOwnerQuery();
374 374 
        String allow = createAllowRuleQuery();
375 375 
        String deny = createDenyRuleQuery();
376 376 

  		




  377
  
  
    
        if (onwer != null)


  		




  
  377
  
    
        if (owner != null)


  		




  378
  378
  
    
        {


  		




  379
  
  
    
          accessQuery = " AND (docid IN(" + onwer + ")";


  		




  380
  
  
    
          accessQuery = accessQuery + " OR (docid IN (" + allow + ")"


  		




  381
  
  
    
                + " AND docid NOT IN (" + deny + ")))";


  		




  
  379
  
    
          accessQuery = " AND (xml_documents.docid IN (" + owner + ")";


  		




  
  380
  
    
          accessQuery = accessQuery + " OR (identifier.guid IN (" + allow + ")"


  		




  
  381
  
    
                + " AND identifier.guid NOT IN (" + deny + ")))";


  		




  382
  382
  
    
        }


  		




  383
  383
  
    
        else


  		




  384
  384
  
    
        {


  		




  385
  
  
    
        	accessQuery = " AND (docid IN (" + allow + ")"


  		




  386
  
  
    
                + " AND docid NOT IN (" + deny + "))";


  		




  
  385
  
    
        	accessQuery = " AND (identifier.guid IN (" + allow + ")"


  		




  
  386
  
    
                + " AND identifier.guid NOT IN (" + deny + "))";


  		




  387
  387
  
    
        }


  		




  388
  388
  
    
        logMetacat.info("QuerySpecification.getAccessQuery - access query is: " + accessQuery);


  		




  389
  389
  
    
        return accessQuery;


  		




  ......




  749
  749
  
    
        StringBuffer self = new StringBuffer();


  		




  750
  750
  
    
        StringBuffer queryString = new StringBuffer();


  		




  751
  751
  
    

  		




  752
  
  
    
        queryString.append("SELECT docid,docname,doctype,");


  		




  753
  
  
    
        queryString.append("date_created, date_updated, rev ");


  		




  754
  
  
    
        queryString.append("FROM xml_documents WHERE");


  		




  
  752
  
    
        queryString.append("SELECT xml_documents.docid, docname, doctype, date_created, date_updated, xml_documents.rev ");


  		




  
  753
  
    
        queryString.append("FROM xml_documents, identifier ");


  		




  
  754
  
    
        queryString.append("WHERE xml_documents.docid = identifier.docid AND xml_documents.rev = identifier.rev AND");


  		




  755
  755
  
    

  		




  756
  756
  
    
        // Get the query from the QueryGroup and check


  		




  757
  757
  
    
        // if no query has been returned


  		




  ......




  766
  766
  
    
        logMetacat.info("QuerySpecification.printSQL - Query : " + queryFromQueryGroup);


  		




  767
  767
  
    
        


  		




  768
  768
  
    
        if(!queryFromQueryGroup.trim().equals("")){


  		




  769
  
  
    
            self.append(" docid IN (");


  		




  
  769
  
    
            self.append(" xml_documents.docid IN (");


  		




  770
  770
  
    
            self.append(queryFromQueryGroup);


  		




  771
  771
  
    
            self.append(") ");


  		




  772
  772
  
    
            // add the parameter values


  		












Also available in:  Unified diff