Metacat

/**

 *  '$RCSfile$'

 *    Purpose: A Class that loads eml-access.xml file containing ACL

 *             for a metadata document into relational DB

 *  Copyright: 2000 Regents of the University of California and the

 *             National Center for Ecological Analysis and Synthesis

 *    Authors: Jivka Bojilova

 *    Release: @release@

 *

 *   '$Author$'

 *     '$Date$'

 * '$Revision$'

 * This program is free software; you can redistribute it and/or modify

 * it under the terms of the GNU General Public License as published by

 * the Free Software Foundation; either version 2 of the License, or

 * (at your option) any later version.

 *

 * This program is distributed in the hope that it will be useful,

 * but WITHOUT ANY WARRANTY; without even the implied warranty of

 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

 * GNU General Public License for more details.

 *

 * You should have received a copy of the GNU General Public License

 * along with this program; if not, write to the Free Software

 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA

package edu.ucsb.nceas.metacat;

import java.io.*;

import java.sql.*;

import java.util.Stack;

import java.util.Vector;

import java.net.URL;

import java.net.MalformedURLException;

import org.xml.sax.Attributes;

import org.xml.sax.InputSource;

import org.xml.sax.EntityResolver;

import org.xml.sax.ErrorHandler;

import org.xml.sax.SAXParseException;

import org.xml.sax.XMLReader;

import org.xml.sax.helpers.XMLReaderFactory;

import org.xml.sax.helpers.DefaultHandler;

/**

 * A Class that loads eml-access.xml file containing ACL for a metadata

 * document into relational DB. It extends DefaultHandler class to handle

 * SAX parsing events when processing the XML stream.

 */

public class AccessControlList extends DefaultHandler {

  private static final int READ = 4;

  private static String isnull = MetaCatUtil.dbAdapter.getIsNULLFunction();

  private Stack elementStack;

  private String 	doctype;

  private String 	systemid;

  private Vector resourceURL;

  private Vector resourceID;

  private String permType;

  private String permOrder;

  private String endTime;

  private int    ticketCount;

  private Vector aclObjects = new Vector();

  private String tagName = "";

   * Construct an instance of the AccessControlList class.

   * and from "getaccesscontrol" action

  /**

   * Construct an instance of the AccessControlList class.

   *

   * @param conn the JDBC connection where acl data are loaded

   *        resides.

    this.server = MetaCatUtil.getOption("server");

    this.sep = MetaCatUtil.getOption("accNumSeparator");

    this.conn = conn;

    this.parserName = parserName;

    this.resourceID = new Vector();

    this.ticketCount = 0;

    DocumentImpl acldoc = new DocumentImpl(conn, aclid);

    String acl = acldoc.toString();

    this.rev = acldoc.getRev();

    // Initialize the parse

    parser.parse(new InputSource(new StringReader(acl)));

//  /**

//   * Construct an instance of the AccessControlList class.

//   * It parses eml-access file and loads acl data into db connection.

//   * It is used from command line execution.

//   *

//   * @param conn the JDBC connection where acl data are loaded

//   * @param docid the Accession# of the document with the acl data

//   * @param aclfilename the name of acl file containing acl data

//   * @param user the user connected to MetaCat servlet and owns the document

//   * @param groups the groups to which user belongs

//   */

//  public AccessControlList( Connection conn, String aclid, String aclfilename,

//                           String user, String[] groups )

//                  throws SAXException, IOException, McdbException

//  {

//    this(conn, aclid, new FileReader(new File(aclfilename).toString()),

//         user, groups, 1);

//  }

  {

    XMLReader parser = null;

    // Get an instance of the parser

    parser = XMLReaderFactory.createXMLReader(parserName);

    // Set Handlers in the parser

    // Set the EntityReslover to DBEntityResolver instance

    EntityResolver eresolver = new DBEntityResolver(conn,this,null);

    parser.setEntityResolver((EntityResolver)eresolver);

  /**

  public void startDocument() throws SAXException

  {

    //delete all previously submitted permissions @ relations

    //this happens only on UPDATE of the access file

    try {

        deletePermissionsForRelatedResources(aclid);

      }

    } catch (SQLException sqle) {

      throw new SAXException(sqle);

    }

  }

  /**

   * the acl information in class variables.

   */

  public void startElement (String uri, String localName,

                            String qName, Attributes atts)

         throws SAXException

  {

    if(localName.equals("allow"))

    {

      tagName = "allow";

    }

    else if(localName.equals("deny"))

    {

      tagName = "deny";

    }

    if (atts != null) {

      int len = atts.getLength();

      for (int i = 0; i < len; i++) {

        currentNode.setAttribute(atts.getLocalName(i), atts.getValue(i));

      }

    }

  }

  /**

   * the acl information in class variables.

         throws SAXException

  {

    {

      return;

    }

    String currentTag = currentNode.getTagName();

          permission = permission | READ;

        } else if ( inputString.trim().toUpperCase().equals("WRITE") ) {

          permission = permission | WRITE;

          permission = permission | CHMOD;

          permission = permission | ALL;

        beginTime = inputString.trim();

        endTime = inputString.trim();

        try {

          ticketCount = (new Integer(inputString.trim())).intValue();

        } catch (NumberFormatException nfe) {

          throw new SAXException("Wrong integer format for:" + inputString);

        }

  }

  /**

   * the acl information in class variables.

   */

  public void endElement (String uri, String localName, String qName)

         throws SAXException

  {

    String leavingTagName = leaving.getTagName();

         leavingTagName.equals("deny")    ) {

      if ( permission > 0 ) {

        try {

          for (int i=0; i < aclObjects.size(); i++) {

            // docid of the current object

            String docid = (String)aclObjects.elementAt(i);

            DocumentIdentifier docID = new DocumentIdentifier(docid);

            docid = docID.getIdentifier();

            insertPermissions(docid,leavingTagName);

          }

          throw new SAXException(sqle);

          throw new SAXException(e);

      }

      endTime = null;

      ticketCount = 0;

  }

    * SAX Handler that receives notification of DOCTYPE. Sets the DTD.

    * @param name name of the DTD

    * @param publicId Public Identifier of the DTD

    * @param systemId System Identifier of the DTD

    */

              throws SAXException {

    docname = name;

    doctype = publicId;

    systemid = systemId;

  }

  /**

   * @param name name of the entity

  public void startEntity(String name) throws SAXException {

    if (name.equals("[dtd]")) {

      processingDTD = true;

    }

  }

  /**

   * @param name name of the entity

  public void endEntity(String name) throws SAXException {

    if (name.equals("[dtd]")) {

      processingDTD = false;

    }

  }

  /**

  public String getDocname() {

    return docname;

  }

  /**

  public boolean processingDTD() {

    return processingDTD;

  }

  private Vector getACLObjects(String aclid)

  {

                             "SELECT object FROM xml_relation " +

    pstmt.execute();

    ResultSet rs = pstmt.getResultSet();

    boolean hasRows = rs.next();

    while (hasRows) {

      aclObjects.addElement(rs.getString(1));

      hasRows = rs.next();

    }

    pstmt.close();

    return aclObjects;

  private void deletePermissionsForRelatedResources(String aclid)

  {

  }

  {

      pstmt = conn.prepareStatement(

              "INSERT INTO xml_access " +

              "begin_time,end_time,ticket_count, accessfileid) VALUES " +

              "(?,?,?,?,?,to_date(?,'mm/dd/yy'),to_date(?,'mm/dd/yy'),?,?)");

      pstmt.setString(4, permType);

      pstmt.setString(5, permOrder);

      pstmt.setString(6, beginTime);

      pstmt.setString(7, endTime);

        pstmt.setString(8, "" + ticketCount);

      } else {

        prName = (String)principal.elementAt(j);

        pstmt.setString(2, prName);

        pstmt.execute();

      /*

        // check if there are conflict with permission's order

        String permOrderOpos = permOrder;

        int perm = getPermissions(permission, prName, docid, permOrder);

        if (  perm != 0 ) {

          if ( permOrder.equals("allowFirst") ) {

            permOrderOpos = "denyFirst";

          } else if ( permOrder.equals("denyFirst") ) {

            permOrderOpos = "allowFirst";

                    " for \"" + prName + "\" on document #" + docid +

                    " has/have been used with \"" + permOrderOpos + "\"");

      throw new

      SQLException("AccessControlList.insertPermissions(): " + e.getMessage());

  }

  private int getPermissions(int permission, String principal,

                             String docid, String permOrder)

          throws SQLException

  {

    PreparedStatement pstmt;

    pstmt = conn.prepareStatement(

            "SELECT permission FROM xml_access " +

            "AND principal_name = ? " +

            "AND perm_order NOT = ?");

    pstmt.setString(2, principal);

    pstmt.setString(3, permOrder);

    pstmt.execute();

    ResultSet rs = pstmt.getResultSet();

    boolean hasRow = rs.next();

    int perm = 0;

    while ( hasRow ) {

      perm = rs.getInt(1);

      perm = permission & perm;

      if ( perm != 0 ) {

        pstmt.close();

        return perm;

      }

      hasRow = rs.next();

    }

    pstmt.close();

    return 0;

  }

  /* Get the int value of READ, WRITE or ALL. */

  private int intValue ( String permission )

  {

    if ( permission.equals("READ") ) {

      return READ;

    } else if ( permission.equals("WRITE") ) {

      return WRITE;

    } else if ( permission.equals("ALL") ) {

      return ALL;

    }

    return -1;

  }

  /* Get the text value of READ, WRITE or ALL. */

  private String txtValue ( int permission )

  {

    StringBuffer txtPerm = new StringBuffer("\"");

    if ( (permission & READ) != 0 ) {

      txtPerm.append("read");

    }

    if ( (permission & WRITE) != 0 ) {

      if ( txtPerm.length() > 0 ) txtPerm.append(",");

      txtPerm.append("write");

    }

    if ( (permission & ALL) != 0 ) {

      if ( txtPerm.length() > 0 ) txtPerm.append(",");

      txtPerm.append("all");

    }

    return txtPerm.append("\"").toString();

  }

    * Check from db connection if at least one of the list of @principals

    * has @permission on @docid.

    * @param permission permission type to check for

    * @param principals list of names of principals to check for @permission

    * @param docid document identifier to check on

    */

  public boolean hasPermission(String permission, String user,

                               String[] groups, String docid )

                 throws SQLException

    if ( (user == null) && (groups == null || groups.length == 0) ) {

      return true;

    }

    // Check for @permission on @docid for @user and/or @groups

    boolean hasPermission = hasPermission(permission,user,docid);

    int i = 0;

    if ( groups != null ) {

      while ( !hasPermission && i<groups.length ) {

        hasPermission = hasPermission(permission,groups[i++],docid);

    }

    if ( !hasPermission ) {

      hasPermission = hasPermission(permission,"public",docid);

    }

    return hasPermission;

  }

  /**

    * @param principal name of principal to check for @permission

                                String principal, String docid)

  {

      try {

        boolean hasRow = rs.next();

        pstmt.close();

        if (hasRow) {

          return true;

        }

        throw new

    // since owner of resource has all permission on it,

      try {

        ResultSet rs = pstmt.getResultSet();

        boolean hasRow = rs.next();

        pstmt.close();

        if (hasRow) {

          return true;

      } catch (SQLException e) {

        throw new

                     "Error checking ownership for " + principal +

      //check to see if the file we are checking is an access file and if the

      //user that is trying to update it has ALL permissions

      try

      {

        pstmt = conn.prepareStatement("select 'x' from xml_access where " +

                                      "accessfileid like '" + docid +

                                      "' and principal_name like '" + principal +

                                      "' and perm_type like 'allow' and " +

                                      "permission = 7");

        pstmt.execute();

        ResultSet rs = pstmt.getResultSet();

        boolean hasRow = rs.next();

        pstmt.close();

        if(hasRow)

        {

          return true;

        }

      }

      catch(SQLException e)

      {

        throw new SQLException("AccessControlList.hasPermission():2 " +

                     "Error checking ownership for " + principal +

                     " on document #" + docid + ". " + e.getMessage());

      }

      int ticketCount = 0;

      String permOrder = "";

      try {

                "FROM xml_access " +

                "AND principal_name = ? " +

                "AND perm_type = ? " +

                " BETWEEN " + isnull + "(begin_time," + sysdate + ") " +

                     "AND " + isnull + "(end_time," + sysdate + ")");

        pstmt.execute();

        ResultSet rs = pstmt.getResultSet();

        boolean hasRows = rs.next();

        while ( hasRows ) {

          accessValue = rs.getInt(1);

          permOrder = rs.getString(2);

          ticketCount = rs.getInt(3);

          if ( ( accessValue & intValue(permission) ) == intValue(permission) &&

            if ( !rs.wasNull() && ticketCount > 0 ) {

            pstmt.close();

            return false;

          }

          hasRows = rs.next();