/src/edu/ucsb/nceas/metacat/accesscontrol/AccessControlForSingleFile.java - Annotate - Metacat - Ecoinformatics Redmine

metacat/src/edu/ucsb/nceas/metacat/accesscontrol/AccessControlForSingleFile.java @ 7829

-            tao
+/**
  *  '$RCSfile$'
  *    Purpose: A Class that loads eml-access.xml file containing ACL
  *             for a metadata document into relational DB
  *  Copyright: 2000 Regents of the University of California and the
  *             National Center for Ecological Analysis and Synthesis
  *    Authors: Jivka Bojilova
+ *
  *   '$Author$'
  *     '$Date$'
  * '$Revision$'
+ *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
  * the Free Software Foundation; either version 2 of the License, or
  * (at your option) any later version.
+ *
  * This program is distributed in the hope that it will be useful,
  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  * GNU General Public License for more details.
+ *
  * You should have received a copy of the GNU General Public License
  * along with this program; if not, write to the Free Software
  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
  */
-            daigle
+package edu.ucsb.nceas.metacat.accesscontrol;
             tao
-            daigle
+import java.io.IOException;
 import java.io.StringReader;
 import java.sql.PreparedStatement;
 import java.sql.ResultSet;
 import java.sql.SQLException;
 import java.util.Vector;
             daigle
-            sgarg
+import org.apache.log4j.Logger;
-            daigle
+import org.xml.sax.ContentHandler;
 import org.xml.sax.ErrorHandler;
 import org.xml.sax.InputSource;
 import org.xml.sax.SAXException;
 import org.xml.sax.XMLReader;
 import org.xml.sax.helpers.XMLReaderFactory;
             tao
-            leinfelder
+import edu.ucsb.nceas.metacat.DBUtil;
 import edu.ucsb.nceas.metacat.IdentifierManager;
 import edu.ucsb.nceas.metacat.McdbDocNotFoundException;
-            daigle
+import edu.ucsb.nceas.metacat.McdbException;
 import edu.ucsb.nceas.metacat.PermissionController;
-            daigle
+import edu.ucsb.nceas.metacat.database.DBConnection;
 import edu.ucsb.nceas.metacat.database.DBConnectionPool;
-            daigle
+import edu.ucsb.nceas.metacat.properties.PropertyService;
-            daigle
+import edu.ucsb.nceas.metacat.shared.AccessException;
-            daigle
+import edu.ucsb.nceas.metacat.util.DocumentUtil;
-            daigle
+import edu.ucsb.nceas.utilities.PropertyNotFoundException;
-            leinfelder
+import edu.ucsb.nceas.utilities.access.AccessControlInterface;
 import edu.ucsb.nceas.utilities.access.DocInfoHandler;
 import edu.ucsb.nceas.utilities.access.XMLAccessDAO;
             tao
             daigle
-            tao
+/**
  * A Class that loads eml-access.xml file containing ACL for a metadata
  * document into relational DB. It extends DefaultHandler class to handle
  * SAX parsing events when processing the XML stream.
  */
 public class AccessControlForSingleFile implements AccessControlInterface
+{
-            leinfelder
+  private String _guid;
-            sgarg
+  private Logger logMetacat = Logger.getLogger(AccessControlForSingleFile.class);
             tao
-            daigle
+    /**
 	 * Construct an instance of the AccessControlForSingleFile class.  This
 	 * instance will represent one file only.
+	 *
 	 * @param myAccessNumber
 	 *            the docid or docid with dev will be controlled
 	 */
 	public AccessControlForSingleFile(String accessionNumber)
 			throws AccessControlException {
             daigle
-            leinfelder
+		// this is a local metacat id
 		String docid = DocumentUtil.getDocIdFromString(accessionNumber);
 		// get the revision
 		String revision = DocumentUtil.getRevisionStringFromString(accessionNumber);
 		int rev = -1;
 		if (revision != null) {
 			// we were given it
 			rev = Integer.valueOf(revision);
 		} else {
 			// look up the latest
 			try {
 				rev = DBUtil.getLatestRevisionInDocumentTable(docid);
 			} catch (SQLException e) {
 				AccessControlException ace = new AccessControlException(e.getMessage());
 				ace.initCause(e);
 				throw ace;
+			}
 			if (rev <= 0) {
 				// look in the revisions table
 				try {
 					rev = DBUtil.getMaxRevFromRevisionTable(docid);
 				} catch (SQLException e) {
 					AccessControlException ace = new AccessControlException(e.getMessage());
 					ace.initCause(e);
 					throw ace;
+				}
+			}
             daigle
             leinfelder
 		// find the guid for this docid.rev
 		try {
 			_guid = IdentifierManager.getInstance().getGUID(docid, rev);
 		} catch (McdbDocNotFoundException e) {
 			AccessControlException ace = new AccessControlException(e.getMessage());
 			ace.initCause(e);
 			throw ace;
+		}
 		// couldn't find it?
 		if (_guid == null || _guid.equals("")) {
 			throw new AccessControlException("Guid cannot be null");
+		}
             daigle
-            leinfelder
+		logMetacat.debug("AccessControlForSingleFile() - docid: " + _guid);
             daigle
             tao
-            daigle
+  	/**
 	 * Insert a single access record into the database based on access DAO
 	 * object
+	 *
 	 * @param xmlAccessDAO
 	 *            dao object holding info to insert
 	 */
-            daigle
+	public void insertPermissions(XMLAccessDAO xmlAccessDAO)
 			throws AccessControlException, PermOrderException{
-            daigle
+		insertPermissions(xmlAccessDAO.getPrincipalName(), xmlAccessDAO.getPermission(),
-            leinfelder
+				xmlAccessDAO.getPermType(), xmlAccessDAO.getPermOrder(), xmlAccessDAO.getAccessFileId(), xmlAccessDAO.getSubTreeId());
             daigle
             tao
-            daigle
+	/**
 	 * Insert a single access record into the database.
+	 *
 	 * @param principalName
-            daigle
+	 *            the principal credentials
-            daigle
+	 * @param permission
-            daigle
+	 *            the permission
-            daigle
+	 * @param permType
-            daigle
+	 *            the permission type
-            daigle
+	 * @param permOrder
-            daigle
+	 *            the permission order
-            daigle
+	 */
-            leinfelder
+	public void insertPermissions(String principalName, Long permission, String permType, String permOrder, String accessFileId, String subTreeId)
-            daigle
+			throws AccessControlException, PermOrderException {
-            daigle
+		try {
 			// The addXMLAccess method will create the permission record if it does not exist.
 			// It will bitwise OR to permissions if the principal already has a record for this
 			// doc id.
 			XMLAccessAccess xmlAccessAccess = new XMLAccessAccess();
-            berkley
+			//System.out.println("permission in accessControlForSingleFile.insertPermissions: " + permission);
-            leinfelder
+			xmlAccessAccess.addXMLAccess(_guid, principalName, new Long(permission), permType, permOrder, accessFileId, subTreeId);
-            daigle
+		} catch (AccessException ae) {
 			throw new AccessControlException("AccessControlForSingleFile.insertPermissions - "
 					+ "DB access error when inserting permissions: " + ae.getMessage());
+		}
+	}
             leinfelder
-            daigle
+	/**
 	 * Replace existing permissions with a given block of permissions for this
 	 * document.
             daigle
-            daigle
+	 * @param accessBlock
 	 *            the xml access block. This is the same structure as that
 	 *            returned by the getdocumentinfo action in metacat.
 	 */
 	public void insertPermissions(String accessBlock) throws AccessControlException {
-            daigle
+		try {
 			// use DocInfoHandler to parse the access section into DAO objects
-            daigle
+			XMLReader parser = null;
-            leinfelder
+			DocInfoHandler docInfoHandler = new DocInfoHandler(_guid);
-            daigle
+			ContentHandler chandler = docInfoHandler;
 			// Get an instance of the parser
 			String parserName = PropertyService.getProperty("xml.saxparser");
 			parser = XMLReaderFactory.createXMLReader(parserName);
 			// Turn off validation
 			parser.setFeature("http://xml.org/sax/features/validation", false);
 			parser.setContentHandler((ContentHandler)chandler);
 			parser.setErrorHandler((ErrorHandler)chandler);
 			parser.parse(new InputSource(new StringReader(accessBlock)));
-            daigle
+			XMLAccessAccess xmlAccessAccess = new XMLAccessAccess();
             daigle
 			// replace all access on the document
-            daigle
+	        Vector<XMLAccessDAO> accessControlList = docInfoHandler.getAccessControlList();
-            leinfelder
+	        xmlAccessAccess.replaceAccess(_guid, accessControlList);
             daigle
-            daigle
+		} catch (PropertyNotFoundException pnfe) {
 			throw new AccessControlException("AccessControlForSingleFile.insertPermissions - "
-            daigle
+					+ "property error when replacing permissions: " + pnfe.getMessage());
 		} catch (AccessException ae) {
 			throw new AccessControlException("AccessControlForSingleFile.insertPermissions - "
 					+ "DB access error when replacing permissions: " + ae.getMessage());
-            daigle
+		} catch (SAXException se) {
 			throw new AccessControlException("AccessControlForSingleFile.insertPermissions - "
-            daigle
+					+ "SAX error when replacing permissions: " + se.getMessage());
-            daigle
+		} catch(IOException ioe) {
 			throw new AccessControlException("AccessControlForSingleFile.insertPermissions - "
-            daigle
+					+ "I/O error when replacing permissions: " + ioe.getMessage());
             daigle
+	}
 	/**
-            daigle
+	 * Check if access control comination for
 	 * docid/principal/permission/permorder/permtype already exists.
             daigle
-            daigle
+	 * @param xmlAccessDAO
 	 *            the dao object holding the access we want to check for.
-            daigle
+	 * @return true if the Access Control for this file already exists in the DB
 	 */
-            daigle
+	public boolean accessControlExists(XMLAccessDAO xmlAccessDAO) throws AccessControlException {
 		boolean exists = false;
 		PreparedStatement pstmt = null;
 		DBConnection conn = null;
 		int serialNumber = -1;
 		try {
 			//check out DBConnection
 			conn=DBConnectionPool.getDBConnection
-            leinfelder
+                               ("AccessControlForSingleFiel.accessControlExists");
-            daigle
+			serialNumber=conn.getCheckOutSerialNumber();
 			pstmt = conn.prepareStatement(
 				"SELECT * FROM xml_access " +
-            leinfelder
+				"WHERE guid = ? " +
-            daigle
+				"AND principal_name = ? " +
 				"AND permission = ? " +
 				"AND perm_type = ? " +
-            leinfelder
+				"AND perm_order = ? ");
             leinfelder
-            daigle
+			// Bind the values to the query
-            leinfelder
+			pstmt.setString(1, _guid);
-            daigle
+			pstmt.setString(2, xmlAccessDAO.getPrincipalName());
 			pstmt.setLong(3, xmlAccessDAO.getPermission());
 			pstmt.setString(4, xmlAccessDAO.getPermType());
 			pstmt.setString(5, xmlAccessDAO.getPermOrder());
             leinfelder
-            daigle
+			pstmt.execute();
 			ResultSet rs = pstmt.getResultSet();
 			exists = rs.next();
             leinfelder
-            daigle
+		} catch (SQLException sqle){
 			throw new AccessControlException("AccessControlForSingleFile.accessControlExists - SQL error when " +
 					"checking if access control exists: " + sqle.getMessage());
 		} finally {
 			try {
 				if(pstmt != null) {
 					pstmt.close();
+				}
 			} catch (SQLException sqle) {
 				logMetacat.error("AccessControlForSingleFile.accessControlExists - Could not close " +
 						"prepared statement: " +sqle.getMessage());
 			} finally {
 				DBConnectionPool.returnDBConnection(conn, serialNumber);
+			}
+		}
             leinfelder
-            daigle
+		return exists;
+	}
             leinfelder
-            daigle
+	/**
 	 * Get Access Control List information for document from db connetion. User
 	 * or Group should have permissions for reading access control information
 	 * for a document specified by
+	 *
 	 * @param user
 	 *            name of user connected to Metacat system
 	 * @param groups
 	 *            names of user's groups to which user belongs
 	 */
-            daigle
+	public String getACL(String user, String[] groups)
-            daigle
+			throws AccessControlException {
 		StringBuffer output = new StringBuffer();
 		boolean hasPermission = false;
             tao
-            daigle
+		try {
-            daigle
+			hasPermission = isOwned(user);
-            daigle
+			if (!hasPermission) {
-            leinfelder
+				// get the docid for this guid
 				String docid = IdentifierManager.getInstance().getLocalId(_guid);
 				PermissionController controller = new PermissionController(docid);
-            daigle
+				hasPermission =
 					controller.hasPermission(user, groups, READSTRING);
+			}
             tao
-            daigle
+			// if the user has permissions, get the access dao list for this doc and return
 			// it as a string.  Otherwise, get the string for an empty access dao list
 			// (which will return the access section with no allow or deny sections)
-            daigle
+			if (hasPermission) {
-            daigle
+				// Get a list of all access dao objects for this docid
 				XMLAccessAccess xmlAccessAccess = new XMLAccessAccess();
-            leinfelder
+				Vector<XMLAccessDAO> xmlAccessDAOList = xmlAccessAccess.getXMLAccessForDoc(_guid);
-            daigle
+				output.append(getAccessString(xmlAccessDAOList));
 			} else {
 				output.append(getAccessString(new Vector<XMLAccessDAO>()));
             daigle
             leinfelder
-            daigle
+			return output.toString();
 		} catch (SQLException sqle) {
 			throw new AccessControlException("AccessControlForSingleFile.getACL() - SQL error when " +
 					"getting ACL: " + sqle.getMessage());
 		} catch (AccessException ae) {
 			throw new AccessControlException("AccessControlForSingleFile.getACL() - DB access error when " +
 					"getting ACL: " + ae.getMessage());
 		} catch (McdbException mcdb) {
 			throw new AccessControlException("AccessControlForSingleFile.getACL() - MCDB error when " +
 					"getting ACL: " + mcdb.getMessage());
+		}
+	}
-            daigle
+	/**
 	 * Get the access xml for all access on this docid
+	 *
 	 * @return string representation of access
 	 */
-            daigle
+	public String getAccessString() throws AccessControlException {
 		Vector<XMLAccessDAO> xmlAccessDAOList = null;
 		try {
 			// Get a list of all access dao objects for this docid
 			XMLAccessAccess xmlAccessAccess = new XMLAccessAccess();
-            leinfelder
+			xmlAccessDAOList = xmlAccessAccess.getXMLAccessForDoc(_guid);
-            daigle
+		} catch (AccessException ae) {
 				throw new AccessControlException("AccessControlForSingleFile.getAccessString() - DB access error when " +
 						"getting access string: " + ae.getMessage());
+		}
-            daigle
+		return getAccessString(xmlAccessDAOList);
             daigle
-            daigle
+	/**
 	 * Put together an xml representation of the objects in a given access dao list
 	 * @param xmlAccessDAOList list of xml access DAO objects
 	 * @return string representation of access
 	 */
-            daigle
+	public String getAccessString(Vector<XMLAccessDAO> xmlAccessDAOList) throws AccessControlException {
             daigle
 		StringBuffer output = new StringBuffer();
 		StringBuffer tmpOutput = new StringBuffer();
 		StringBuffer allowOutput = new StringBuffer();
 		StringBuffer denyOutput = new StringBuffer();
 		String principal = null;
 		int permission = -1;
 		String permOrder = ALLOWFIRST;
 		String permType = null;
-            leinfelder
+		String accessfileid = null;
 		String subtreeid = null;
             daigle
 		// We assume that all the records will have the same permission order, so we can just
 		// grab the perm order from the first one.
 		if (xmlAccessDAOList.size() > 0) {
 			permOrder = xmlAccessDAOList.get(0).getPermOrder();
-            leinfelder
+			accessfileid = xmlAccessDAOList.get(0).getAccessFileId();
 			subtreeid = xmlAccessDAOList.get(0).getSubTreeId();
             daigle
             leinfelder
 		// get the docid for this guid
 		String docid = _guid;
 		try {
 			docid = IdentifierManager.getInstance().getLocalId(_guid);
 		} catch (McdbDocNotFoundException e) {
 			logMetacat.warn("Could not lookup docid for guid, defaulting to guid: " + _guid, e);
+		}
             daigle
-            leinfelder
+		output.append("<access authSystem=\"knb\" order=\"" + permOrder + "\" id=\"" + docid + "\" scope=\"document\"");
-            leinfelder
+		if (accessfileid != null) {
 			output.append(" accessfileid=\"" + accessfileid + "\"");
+		}
 		if (subtreeid != null) {
 			output.append(" subtreeid=\"" + subtreeid + "\"");
+		}
             daigle
 		output.append(">\n");
 		for (XMLAccessDAO xmlAccessDAO : xmlAccessDAOList) {
 			principal = xmlAccessDAO.getPrincipalName();
 			permission = xmlAccessDAO.getPermission().intValue();
-            berkley
+			//System.out.println("accessControlForSingleFile.getAccessString: permission is set to: " + permission);
-            daigle
+			permType = xmlAccessDAO.getPermType();
 			tmpOutput.append("    <" + permType + ">\n");
 			tmpOutput.append("      <principal>" + principal + "</principal>\n");
 			if ((permission & READ) == READ) {
 				tmpOutput.append("      <permission>read</permission>\n");
+			}
 			if ((permission & WRITE) == WRITE) {
 				tmpOutput.append("      <permission>write</permission>\n");
+			}
 			if ((permission & ALL) == ALL) {
 				tmpOutput.append("      <permission>all</permission>\n");
+			}
 			if ((permission & CHMOD) == CHMOD) {
 				tmpOutput.append("      <permission>chmod</permission>\n");
+			}
 			tmpOutput.append("    </" + permType + ">\n");
 			if (permType.equals(ALLOW)) {
 				allowOutput.append(tmpOutput);
 			} else if (permType.equals(DENY)) {
 				denyOutput.append(tmpOutput);
+			}
 			tmpOutput = new StringBuffer();
+		}
 		// This just orders the allow/deny sections based on the permOrder.  Not
 		// required, but convenient later when parsing the output.
 		if (permOrder.equals(ALLOWFIRST)) {
 			output.append(allowOutput);
 			output.append(denyOutput);
 		} else if (permOrder.equals(DENYFIRST)) {
 			output.append(denyOutput);
 			output.append(allowOutput);
+		}
-            daigle
+		output.append("</access>");
             daigle
 		return output.toString();
+	}
-            daigle
+	/**
 	 * check if the docid represented in this class is owned by the user
+	 *
 	 * @param user
 	 *            the user credentials
 	 * @return true if doc is owned by user, false otherwise
 	 */
 	private boolean isOwned(String user) throws SQLException {
-            daigle
+		PreparedStatement pstmt = null;
 		DBConnection conn = null;
 		int serialNumber = -1;
 		try {
 			// check out DBConnection
 			conn = DBConnectionPool.getDBConnection("AccessControlList.isOwned");
 			serialNumber = conn.getCheckOutSerialNumber();
-            leinfelder
+			String query =
 				"SELECT id.guid FROM xml_documents xd, identifier id "
 				+ "WHERE xd.docid = id.docid " +
 						"AND xd.rev = id.rev " +
 						"AND id.guid = ? " +
 						"AND user_owner = ? ";
 			pstmt = conn.prepareStatement(query );
-            leinfelder
+			pstmt.setString(1, _guid);
-            daigle
+			pstmt.setString(2, user);
 			pstmt.execute();
 			ResultSet rs = pstmt.getResultSet();
 			boolean hasRow = rs.next();
 			return hasRow;
 		} finally {
 			try {
 				if (pstmt != null) {
 					pstmt.close();
+				}
 			} finally {
 				DBConnectionPool.returnDBConnection(conn, serialNumber);
+			}
+		}
+	}
             tao

Project

General

Profile

Metacat