Revision 944
Added by Jing Tao over 22 years ago
| src/edu/ucsb/nceas/metacat/AccessControlList.java | ||
|---|---|---|
| 277 | 277 |
permission = permission | READ; |
| 278 | 278 |
} else if ( inputString.trim().toUpperCase().equals("WRITE") ) {
|
| 279 | 279 |
permission = permission | WRITE; |
| 280 |
} else if ( inputString.trim().toUpperCase().equals("CHANGEPERMISSION") ) {
|
|
| 280 |
} else if ( inputString.trim().toUpperCase().equals("CHANGEPERMISSION"))
|
|
| 281 |
{
|
|
| 281 | 282 |
permission = permission | CHMOD; |
| 282 | 283 |
} else if ( inputString.trim().toUpperCase().equals("ALL") ) {
|
| 283 | 284 |
permission = permission | ALL; |
| ... | ... | |
| 586 | 587 |
String principal, String docid) |
| 587 | 588 |
throws SQLException |
| 588 | 589 |
{
|
| 589 |
//System.out.println("Does " + principal + " have " + permission + " on " + docid);
|
|
| 590 |
//detele the rev number if docid contains it |
|
| 591 |
docid=MetaCatUtil.getDocIdFromString(docid); |
|
| 590 | 592 |
PreparedStatement pstmt; |
| 591 |
// check public access to @docid from xml_documents table |
|
| 592 |
if ( permission.equals("READ") ) {
|
|
| 593 |
try {
|
|
| 594 |
pstmt = conn.prepareStatement( |
|
| 595 |
"SELECT 'x' FROM xml_documents " + |
|
| 596 |
"WHERE docid = ? AND public_access = 1"); |
|
| 597 |
// Bind the values to the query |
|
| 598 |
pstmt.setString(1, docid); |
|
| 599 |
|
|
| 600 |
pstmt.execute(); |
|
| 601 |
ResultSet rs = pstmt.getResultSet(); |
|
| 602 |
boolean hasRow = rs.next(); |
|
| 603 |
pstmt.close(); |
|
| 604 |
if (hasRow) {
|
|
| 605 |
return true; |
|
| 606 |
} |
|
| 607 |
|
|
| 608 |
|
|
| 609 |
} catch (SQLException e) {
|
|
| 610 |
throw new |
|
| 611 |
SQLException("AccessControlList.hasPermission(). " +
|
|
| 612 |
"Error checking public access for document #"+docid+ |
|
| 613 |
". " + e.getMessage()); |
|
| 614 |
} |
|
| 615 |
} |
|
| 616 | 593 |
|
| 594 |
|
|
| 617 | 595 |
// since owner of resource has all permission on it, |
| 618 | 596 |
// check if @principal is owner of @docid in xml_documents table |
| 619 | 597 |
if ( principal != null ) {
|
| ... | ... | |
| 646 | 624 |
{
|
| 647 | 625 |
pstmt = conn.prepareStatement("select 'x' from xml_access where " +
|
| 648 | 626 |
"accessfileid like '" + docid + |
| 649 |
"' and principal_name like '" + principal +
|
|
| 627 |
"' and principal_name like '" + principal+ |
|
| 650 | 628 |
"' and perm_type like 'allow' and " + |
| 651 | 629 |
"permission = 7"); |
| 652 | 630 |
pstmt.execute(); |
| ... | ... | |
| 696 | 674 |
( permOrder.equals("allowFirst") ) &&
|
| 697 | 675 |
( rs.wasNull() || ticketCount > 0 ) ) {
|
| 698 | 676 |
if ( !rs.wasNull() && ticketCount > 0 ) {
|
| 699 |
decreaseNumberOfAccess(accessValue,principal,docid,"deny","allowFirst"); |
|
| 677 |
decreaseNumberOfAccess(accessValue,principal,docid, |
|
| 678 |
"deny","allowFirst"); |
|
| 700 | 679 |
} |
| 701 | 680 |
pstmt.close(); |
| 702 | 681 |
return false; |
| 703 | 682 |
} |
| 704 | 683 |
hasRows = rs.next(); |
| 705 | 684 |
} |
| 706 |
//System.out.println("Passed the check for \"deny\" access with \"allowFirst\"");
|
|
| 685 |
|
|
| 707 | 686 |
|
| 708 | 687 |
// it is not denied then check if it is "allow" |
| 709 | 688 |
// Bind the values to the query |
| ... | ... | |
| 721 | 700 |
if ( ( accessValue & intValue(permission) )==intValue(permission) && |
| 722 | 701 |
( rs.wasNull() || ticketCount > 0 ) ) {
|
| 723 | 702 |
if ( !rs.wasNull() && ticketCount > 0 ) {
|
| 724 |
decreaseNumberOfAccess(accessValue,principal,docid,"allow",permOrder); |
|
| 703 |
decreaseNumberOfAccess(accessValue,principal, |
|
| 704 |
docid,"allow",permOrder); |
|
| 725 | 705 |
} |
| 726 | 706 |
pstmt.close(); |
| 727 | 707 |
return true; |
| 728 | 708 |
} |
| 729 | 709 |
hasRows = rs.next(); |
| 730 | 710 |
} |
| 731 |
//System.out.println("Passed the check for \"allow\" access");
|
|
| 711 |
|
|
| 732 | 712 |
|
| 733 | 713 |
// it is not allowed then check if it is "deny" with "denyFirst" |
| 734 | 714 |
// Bind the values to the query |
| ... | ... | |
| 747 | 727 |
( permOrder.equals("denyFirst") ) &&
|
| 748 | 728 |
( rs.wasNull() || ticketCount > 0 ) ) {
|
| 749 | 729 |
if ( !rs.wasNull() && ticketCount > 0 ) {
|
| 750 |
decreaseNumberOfAccess(accessValue,principal,docid,"deny","denyFirst"); |
|
| 730 |
decreaseNumberOfAccess(accessValue,principal,docid, |
|
| 731 |
"deny","denyFirst"); |
|
| 751 | 732 |
} |
| 752 | 733 |
pstmt.close(); |
| 753 | 734 |
return false; |
| 754 | 735 |
} |
| 755 | 736 |
hasRows = rs.next(); |
| 756 | 737 |
} |
| 757 |
//System.out.println("Passed the check for \"deny\" access wirh \"denyFirst\"");
|
|
| 758 | 738 |
|
| 739 |
|
|
| 759 | 740 |
pstmt.close(); |
| 760 | 741 |
return false; |
| 761 | 742 |
|
| ... | ... | |
| 841 | 822 |
try {
|
| 842 | 823 |
|
| 843 | 824 |
isOwned = isOwned(docid, user); |
| 844 |
systemID = getSystemID((String)MetaCatUtil.getOptionList(accDoctype).elementAt(0)); |
|
| 825 |
systemID = getSystemID((String)MetaCatUtil. |
|
| 826 |
getOptionList(accDoctype).elementAt(0)); |
|
| 845 | 827 |
publicAcc = getPublicAccess(docid); |
| 846 | 828 |
|
| 847 | 829 |
output.append("<?xml version=\"1.0\"?>\n");
|
Also available in: Unified diff
Code to handle "read" permission was changed in hasPermission method. The old code used old way to look up the public_access field in xml_documents table.