Project

General

Profile

« Previous | Next » 

Revision 869

Added by berkley over 22 years ago

fixed error where person with 'all' permission could not update the access file.

View differences:

src/edu/ucsb/nceas/metacat/AccessControlList.java
589 589 
                                String principal, String docid)
590 590 
                 throws SQLException
591 591 
  {
592 
    System.out.println("Does " + principal + " have " + permission + " on " + docid);
592 593 
    PreparedStatement pstmt;
593 594 
    // check public access to @docid from xml_documents table
594 595 
    if ( permission.equals("READ") ) {
......
606 607 
        if (hasRow) {
607 608 
          return true;
608 609 
        }
609 
//System.out.println("Passed the check for public access");
610 610 

  		




  
  611
  
    

  		




  611
  612
  
    
      } catch (SQLException e) {


  		




  612
  613
  
    
        throw new 


  		




  613
  614
  
    
        SQLException("AccessControlList.hasPermission(). " +


  		




  ......




  633
  634
  
    
        pstmt.close();


  		




  634
  635
  
    
        if (hasRow) {


  		




  635
  636
  
    
          return true;


  		




  636
  
  
    
        }


  		




  637
  
  
    
//System.out.println("Passed the check for ownership");      


  		




  
  637
  
    
        }    


  		




  638
  638
  
    
     


  		




  639
  639
  
    
      } catch (SQLException e) {


  		




  640
  640
  
    
        throw new 


  		




  ......




  642
  642
  
    
                     "Error checking ownership for " + principal +


  		




  643
  643
  
    
                     " on document #" + docid + ". " + e.getMessage());


  		




  644
  644
  
    
      }


  		




  
  645
  
    
      


  		




  
  646
  
    
      //check to see if the file we are checking is an access file and if the


  		




  
  647
  
    
      //user that is trying to update it has ALL permissions


  		




  
  648
  
    
      try


  		




  
  649
  
    
      {


  		




  
  650
  
    
        pstmt = conn.prepareStatement("select 'x' from xml_access where " +


  		




  
  651
  
    
                                      "accessfileid like '" + docid + 


  		




  
  652
  
    
                                      "' and principal_name like '" + principal +


  		




  
  653
  
    
                                      "' and perm_type like 'allow' and " +


  		




  
  654
  
    
                                      "permission = 7");


  		




  
  655
  
    
        pstmt.execute();


  		




  
  656
  
    
        ResultSet rs = pstmt.getResultSet();


  		




  
  657
  
    
        boolean hasRow = rs.next();


  		




  
  658
  
    
        pstmt.close();


  		




  
  659
  
    
        if(hasRow)


  		




  
  660
  
    
        {


  		




  
  661
  
    
          return true;


  		




  
  662
  
    
        }


  		




  
  663
  
    
      }


  		




  
  664
  
    
      catch(SQLException e)


  		




  
  665
  
    
      {


  		




  
  666
  
    
        throw new SQLException("AccessControlList.hasPermission():2 " +


  		




  
  667
  
    
                     "Error checking ownership for " + principal +


  		




  
  668
  
    
                     " on document #" + docid + ". " + e.getMessage());


  		




  
  669
  
    
      }


  		




  645
  670
  
    

  		




  646
  671
  
    
      // check @principal's @permission on @docid from xml_access table


  		




  647
  672
  
    
      int accessValue = 0;


  		












Also available in:  Unified diff